Compare commits

base: retoor:284ef3d263cef3bb23a59ba00264473235625bfe
Branches Tags
retoor:main
..
compare: retoor:c9f3f74dc9de572df25d68219b5ff462bf136157
Branches Tags
retoor:main

No commits in common. "284ef3d263cef3bb23a59ba00264473235625bfe" and "c9f3f74dc9de572df25d68219b5ff462bf136157" have entirely different histories.
284ef3d263 ... c9f3f74dc9

1 changed files with 4 additions and 1 deletions
Show Stats Expand all files Collapse all files

5
src/rupload/app.py
View File

@ -271,7 +271,10 @@ async def handle_upload(request: web.Request):
async def handle_thumbnail(request: web.Request):
path = request.match_info["path"]
safe_path = pathlib.Path(path)
safe_path = pathlib.Path(request.app.upload_path).joinpath(path)
if not safe_path.exists():
return web.Response(status=404, text="File not found.")
if not safe_path.is_file():
return web.Response(status=400, text="Invalid file type.")