diff options
| author | jfriedli | 2020-05-08 09:10:18 -0700 |
|---|---|---|
| committer | jfriedli | 2020-05-08 09:10:18 -0700 |
| commit | 853ace7d83424f85d903f6ffe2352bf41f86b7ce (patch) | |
| tree | 91f33ae06272bbeda564b0aabe1baa4aaf8e2d87 /matweb/frontend.py | |
| parent | 9157dee69f69eeba521ff0a5f5cc651d3629ae6c (diff) | |
Resolve "Fuzzing Errors /api/upload"
Diffstat (limited to 'matweb/frontend.py')
| -rw-r--r-- | matweb/frontend.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/matweb/frontend.py b/matweb/frontend.py index 2e25467..8295f4e 100644 --- a/matweb/frontend.py +++ b/matweb/frontend.py | |||
| @@ -53,8 +53,12 @@ def upload_file(): | |||
| 53 | if not uploaded_file.filename: | 53 | if not uploaded_file.filename: |
| 54 | flash('No selected file') | 54 | flash('No selected file') |
| 55 | return redirect(request.url) | 55 | return redirect(request.url) |
| 56 | try: | ||
| 57 | filename, filepath = utils.save_file(uploaded_file, current_app.config['UPLOAD_FOLDER']) | ||
| 58 | except ValueError: | ||
| 59 | flash('Invalid Filename') | ||
| 60 | return redirect(request.url) | ||
| 56 | 61 | ||
| 57 | filename, filepath = utils.save_file(uploaded_file, current_app.config['UPLOAD_FOLDER']) | ||
| 58 | parser, mime = utils.get_file_parser(filepath) | 62 | parser, mime = utils.get_file_parser(filepath) |
| 59 | 63 | ||
| 60 | if parser is None: | 64 | if parser is None: |