From 853ace7d83424f85d903f6ffe2352bf41f86b7ce Mon Sep 17 00:00:00 2001
From: jfriedli
Date: Fri, 8 May 2020 09:10:18 -0700
Subject: Resolve "Fuzzing Errors /api/upload"
---
 matweb/frontend.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
 (limited to 'matweb/frontend.py')
diff --git a/matweb/frontend.py b/matweb/frontend.py
index 2e25467..8295f4e 100644
--- a/matweb/frontend.py
+++ b/matweb/frontend.py
@@ -53,8 +53,12 @@ def upload_file():
 if not uploaded_file.filename:
 flash('No selected file')
 return redirect(request.url)
+ try:
+ filename, filepath = utils.save_file(uploaded_file, current_app.config['UPLOAD_FOLDER'])
+ except ValueError:
+ flash('Invalid Filename')
+ return redirect(request.url)
- filename, filepath = utils.save_file(uploaded_file, current_app.config['UPLOAD_FOLDER'])
 parser, mime = utils.get_file_parser(filepath)
 if parser is None:
-- cgit v1.3
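Review bot: The new `except ValueError:` branch in upload_file turns a rejected filename into a flash message only, so nothing is recorded server-side and repeated malformed-filename submissions (the fuzzing case this commit responds to) leave no trace for detection. Consider adding `current_app.logger.warning('upload rejected: invalid filename')` before the `flash(...)` call, without writing the raw client-supplied filename into the log unescaped. Which condition makes `utils.save_file` raise ValueError is not visible here, since the page is limited to matweb/frontend.py; it is worth confirming that it raises before anything is written under `UPLOAD_FOLDER`, otherwise this handler should also remove the partial file. A one-line comment above the `try:` such as `# save_file raises ValueError when the sanitised filename is unusable` would document the contract, once confirmed against utils. upload_file starts and ends outside the hunk.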