stephenmcd / filebrowser-safe

File manager for Mezzanine
Other
42 stars 104 forks source link

Renames will never be allowed if MEDIA_ROOT has dots in path #115

Open jxcl opened 6 years ago

jxcl commented 6 years ago

The absolute path of the uploaded file is passed to the RenameForm, which includes MEDIA_ROOT. This path is validated to not contain dots. The MEDIA_ROOT should be allowed to contain dots, the form should only validate the parts of the path that are not part of MEDIA_ROOT.