[F] Prevent path traversal attack
This commit is contained in:
@@ -79,6 +79,11 @@ def serve_report() -> None:
|
||||
:param path: Path of the resource
|
||||
:return: File resource or 404
|
||||
"""
|
||||
# Prevent path traversal attacks
|
||||
if '..' in path:
|
||||
return Response('Nope.')
|
||||
|
||||
# Send file
|
||||
path = os.path.join(REPORT_DIR, path)
|
||||
return send_from_directory(Path(path).absolute().parent, Path(path).name)
|
||||
|
||||
@@ -90,6 +95,10 @@ def serve_report() -> None:
|
||||
:param path: Path of the resource
|
||||
:return: File resource or 404
|
||||
"""
|
||||
# Prevent path traversal attacks
|
||||
if '..' in path:
|
||||
return Response('Nope.')
|
||||
|
||||
path = os.path.join(src_dir, 'resources', path)
|
||||
return send_from_directory(Path(path).absolute().parent, Path(path).name)
|
||||
|
||||
|
||||
@@ -54,7 +54,7 @@ There are three divisions in this equation, so there are three possible places w
|
||||
|
||||
@include `/pop/ignored.md`
|
||||
|
||||
Graphing the results, we find that the *TODO*
|
||||
Graphing the results, we find that the ***TODO***
|
||||
|
||||
<div class="image-row">
|
||||
<div><img src="/pop/500-pop-hist.png" alt="hist"></div>
|
||||
@@ -69,6 +69,8 @@ Graphing the results, we find that the *TODO*
|
||||
|
||||
After we answered how frequently people posted about COVID-19 and how interested are people to view these posts, we analyze our data over the posting dates to answer the second part of our research question: **How does posting frequency and people's interests in COVID-19 posts changes from the beginning of the pandemic to now?**
|
||||
|
||||
**_TODO_**
|
||||
|
||||
## References
|
||||
|
||||
<a id="ref1"></a>
|
||||
|
||||
Reference in New Issue
Block a user