diff --git a/comfy/samplers.py b/comfy/samplers.py
index c508a3a41..d281ecc19 100644
--- a/comfy/samplers.py
+++ b/comfy/samplers.py
@@ -12,7 +12,6 @@ import collections
 from comfy import model_management
 import math
 import logging
-import comfy.samplers
 import comfy.sampler_helpers
 import comfy.model_patcher
 import comfy.patcher_extension
@@ -178,7 +177,7 @@ def finalize_default_conds(model: 'BaseModel', hooked_to_run: dict[comfy.hooks.H
 cond = default_conds[i]
 for x in cond:
 # do get_area_and_mult to get all the expected values
- p = comfy.samplers.get_area_and_mult(x, x_in, timestep)
+ p = get_area_and_mult(x, x_in, timestep)
 if p is None:
 continue
 # replace p's mult with calculated mult
@@ -215,7 +214,7 @@ def _calc_cond_batch(model: 'BaseModel', conds: list[list[dict]], x_in: torch.Te
 default_c.append(x)
 has_default_conds = True
 continue
- p = comfy.samplers.get_area_and_mult(x, x_in, timestep)
+ p = get_area_and_mult(x, x_in, timestep)
 if p is None:
 continue
 if p.hooks is not None:
diff --git a/server.py b/server.py
index bae898ef5..88c163fc7 100644
--- a/server.py
+++ b/server.py
@@ -329,6 +329,9 @@ class PromptServer():
 original_ref = json.loads(post.get("original_ref"))
 filename, output_dir = folder_paths.annotated_filepath(original_ref['filename'])
 
+ if not filename:
+ return web.Response(status=400)
+
 # validation for security: prevent accessing arbitrary path
 if filename[0] == '/' or '..' in filename:
 return web.Response(status=400)
@@ -370,6 +373,9 @@ class PromptServer():
 filename = request.rel_url.query["filename"]
 filename,output_dir = folder_paths.annotated_filepath(filename)
 
+ if not filename:
+ return web.Response(status=400)
+
 # validation for security: prevent accessing arbitrary path
 if filename[0] == '/' or '..' in filename:
 return web.Response(status=400)
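Review bot: In server.py, the new `if not filename:` guard in hunk `@@ -329,6 +329,9 @@` (and the identical lines in `@@ -370,6 +373,9 @@`) only keeps `filename[0]` from failing on an empty value; the path check it sits in front of is still a denylist that rejects a leading `/` and any `..` and does not consider backslash separators or drive-letter absolute paths, which matter when the server runs on Windows. Both handlers continue outside their hunks, so a containment check may already follow; if it does not, compare the resolved path against the resolved base directory once `output_dir` is known, e.g. `if os.path.commonpath((base, os.path.abspath(os.path.join(base, filename)))) != base: return web.Response(status=400)` with `base = os.path.abspath(output_dir)`. The guard also deserves a one-line comment saying why it precedes the path validation, for example `# empty or missing name: reject before indexing filename[0] below`. Rejections on these two endpoints return a bare 400, so logging the refused filename at warning level would make repeated probing visible to operators.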