Resolve "Fuzzing Errors /api/upload"

2025-05-12 11:12:17 -04:00 · 2020-05-08 09:10:18 -07:00 · 2020-05-08 09:10:18 -07:00 · 853ace7d83
commit 853ace7d83
parent 9157dee69f
5 changed files with 46 additions and 5 deletions
--- a/matweb/frontend.py
+++ b/matweb/frontend.py
@ -53,8 +53,12 @@ def upload_file():
        if not uploaded_file.filename:
            flash('No selected file')
            return redirect(request.url)
+        try:
+            filename, filepath = utils.save_file(uploaded_file, current_app.config['UPLOAD_FOLDER'])
+        except ValueError:
+            flash('Invalid Filename')
+            return redirect(request.url)

-        filename, filepath = utils.save_file(uploaded_file, current_app.config['UPLOAD_FOLDER'])
        parser, mime = utils.get_file_parser(filepath)

        if parser is None: