(Maybe) fix potential code injection attack

LukasDoesDev 2021-01-15 14:33:17 +02:00
parent eba7bff050
commit 75fb8fc920


@ -9,6 +9,7 @@ import base64
import socket import socket
import random import random
import logging import logging
import html
from datetime import datetime from datetime import datetime
from socket import gethostname from socket import gethostname
@ -455,17 +456,19 @@ class Helpers:
return data return data
@staticmethod @staticmethod
def generate_tree(folder, html=""): def generate_tree(folder, output=""):
for filename in os.listdir(folder): for filename in os.listdir(folder):
print(filename)
filename = html.escape(filename)
print(filename) print(filename)
rel = os.path.join(folder, filename) rel = os.path.join(folder, filename)
if os.path.isdir(rel): if os.path.isdir(rel):
html += '<li>\n<span class="tree-caret">{}</span>\n<ul class="tree-nested">'.format(filename) output += '<li>\n<span class="tree-caret">{}</span>\n<ul class="tree-nested">'.format(filename)
html += helper.generate_tree(rel) output += helper.generate_tree(rel)
html += '</ul>\n</li>' output += '</ul>\n</li>'
else: else:
html += '<li>{}</li>'.format(filename) output += '<li>{}</li>'.format(filename)
return html return output
helper = Helpers() helper = Helpers()
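Review bot: In `generate_tree`, `filename = html.escape(filename)` runs before `rel = os.path.join(folder, filename)`, so the path tested by `os.path.isdir(rel)` and handed to the recursive call is built from the escaped name rather than the real one. A directory whose name contains `&`, `<`, `>` or a quote would no longer match anything on disk, so it would be rendered as a plain `<li>` entry and its contents left out of the tree. Keep the raw name for filesystem work and escape only what goes into the markup: `rel = os.path.join(folder, filename)` first, then `label = html.escape(filename)`, and `.format(label)` in both branches. The two `print(filename)` calls around the escape look like leftover debugging and should probably be dropped before merge.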