From 75fb8fc9201c3bd67995a8236e8d0cca961d8ed8 Mon Sep 17 00:00:00 2001 From: LukasDoesDev Date: Fri, 15 Jan 2021 14:33:17 +0200 Subject: [PATCH] (Maybe) fix potential code injection attack --- app/classes/shared/helpers.py | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/app/classes/shared/helpers.py b/app/classes/shared/helpers.py index 24256081..f1f81bae 100644 --- a/app/classes/shared/helpers.py +++ b/app/classes/shared/helpers.py @@ -9,6 +9,7 @@ import base64 import socket import random import logging +import html from datetime import datetime from socket import gethostname @@ -455,17 +456,19 @@ class Helpers: return data @staticmethod - def generate_tree(folder, html=""): + def generate_tree(folder, output=""): for filename in os.listdir(folder): + print(filename) + filename = html.escape(filename) print(filename) rel = os.path.join(folder, filename) if os.path.isdir(rel): - html += '
  • \n{}\n\n
  • ' + output += '
  • \n{}\n\n
  • ' else: - html += '
  • {}
  • '.format(filename) - return html + output += '
  • {}
  • '.format(filename) + return output helper = Helpers()
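Review bot: `filename = html.escape(filename)` runs before `rel = os.path.join(folder, filename)`, so the escaped string is what reaches `os.path.isdir(rel)`; a name containing `&`, `<`, `>` or a quote no longer matches the entry on disk, and such a directory falls through to the file branch. Keep the raw name for filesystem calls and escape only where the value enters the markup, e.g. build `rel` first, then `safe_name = html.escape(filename)`, and pass `safe_name` to `.format(...)` in both branches. The added `print(filename)` leaves two prints per entry (raw and escaped) on stdout; drop them or route them through the `logging` module the file already imports. The markup in the directory branch is not legible on this page, so it should be checked whether anything other than the escaped name (for instance a path) is interpolated there and needs the same treatment.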