3diy
/
moonraker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

file_manager: check write permissions for uploads 

If the specified path is a symbolic link do not proceed with the upload, raise an exception.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
This commit is contained in:
Eric Callahan 2021-10-27 08:43:07 -04:00
parent 734f295822
commit e33962fdd4
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
moonraker/components/file_manager/file_manager.py
View File

@ -480,6 +480,10 @@ class FileManager:
if unzip_ufp: if unzip_ufp:
filename = os.path.splitext(filename)[0] + ".gcode" filename = os.path.splitext(filename)[0] + ".gcode"
dest_path = os.path.splitext(dest_path)[0] + ".gcode" dest_path = os.path.splitext(dest_path)[0] + ".gcode"
if os.path.islink(dest_path):
raise self.server.error(f"Cannot overwrite symlink: {dest_path}")
if os.path.isfile(dest_path) and not os.access(dest_path, os.W_OK):
raise self.server.error(f"File is read-only: {dest_path}")
return { return {
'root': root, 'root': root,
'filename': filename, 'filename': filename,