file_manager: check write permissions for uploads

If the specified path is a symbolic link do not proceed with the upload, raise an exception. Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-10-27 08:43:07 -04:00 · 2021-10-27 08:43:07 -04:00 · e33962fdd4
parent 734f295822
commit e33962fdd4
1 changed files with 4 additions and 0 deletions
--- a/moonraker/components/file_manager/file_manager.py
+++ b/moonraker/components/file_manager/file_manager.py
@ -480,6 +480,10 @@ class FileManager:
        if unzip_ufp:
            filename = os.path.splitext(filename)[0] + ".gcode"
            dest_path = os.path.splitext(dest_path)[0] + ".gcode"
+        if os.path.islink(dest_path):
+            raise self.server.error(f"Cannot overwrite symlink: {dest_path}")
+        if os.path.isfile(dest_path) and not os.access(dest_path, os.W_OK):
+            raise self.server.error(f"File is read-only: {dest_path}")
        return {
            'root': root,
            'filename': filename,