Commit 937efc8
justin
fix: 修复 Django 3.2.12+ 升级后 SuspiciousFileOperation 路径遍历检测错误
- AdminFileSystemStorage 设置默认 location="/" 允许使用绝对路径
- 解决 CVE-2022-24750 安全检查与项目绝对路径存储模式的冲突
- 本项目读写控制不存在用户直接指定路径的行为,此修改是安全的1 parent b5ef780 commit 937efc8
2 files changed
Lines changed: 6 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
126 | 126 | | |
127 | 127 | | |
128 | 128 | | |
| 129 | + | |
| 130 | + | |
| 131 | + | |
| 132 | + | |
| 133 | + | |
129 | 134 | | |
130 | 135 | | |
131 | 136 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | 3 | | |
4 | | - | |
| 4 | + | |
5 | 5 | | |
6 | 6 | | |
7 | 7 | | |
| |||
0 commit comments