Ticket #6635: 6635.patch
File 6635.patch, 713 bytes (added by , 17 years ago) |
---|
-
__init__.py
750 750 751 751 # If the raw path is passed in, validate it's under the MEDIA_ROOT. 752 752 def isWithinMediaRoot(field_data, all_data): 753 f = os.path.abspath(os.path.join(settings.MEDIA_ROOT, field_data ))753 f = os.path.abspath(os.path.join(settings.MEDIA_ROOT, field_data.strip('/'))) 754 754 if not f.startswith(os.path.abspath(os.path.normpath(settings.MEDIA_ROOT))): 755 755 raise validators.ValidationError, _("Enter a valid filename.") 756 756 field_list[1].validator_list.append(isWithinMediaRoot)