Attention is currently required from: Hoernchen, dexter.
Patch set 1:Code-Review -1
1 comment:
File osmo-smdpp.py:
Patch Set #1, Line 643: if os.path.commonprefix((os.path.realpath(path),self.upp_dir)) != self.upp_dir:
The commit message doesn't make sense, given that there is `os.path.realpath(path)` already I don't see how this could be exploited...
```
>>> upp_dir = "/tmp/"
>>> path = "/tmp/../etc/passwd"
>>> os.path.commonprefix((os.path.realpath(path), upp_dir))
'/'
>>> os.path.commonprefix((os.path.realpath(path), upp_dir)) == upp_dir
False
```
To view, visit change 42625. To unsubscribe, or for help writing mail filters, visit settings.