wangbo/ComfyUI
1
0
Fork 0
mirror of https://github.com/comfyanonymous/ComfyUI.git synced 2026-01-25 22:00:19 +08:00
Code Issues Actions 18 Packages Projects Releases Wiki Activity

Merge branch 'comfyanonymous:master' into master

Browse Source
This commit is contained in:
patientx 2025-01-19 02:40:53 +03:00 committed by GitHub
commit 8ee302c9dd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
comfy/samplers.py
View File

@ -12,7 +12,6 @@ import collections
from comfy import model_management from comfy import model_management
import math import math
import logging import logging
import comfy.samplers
import comfy.sampler_helpers import comfy.sampler_helpers
import comfy.model_patcher import comfy.model_patcher
import comfy.patcher_extension import comfy.patcher_extension
@ -178,7 +177,7 @@ def finalize_default_conds(model: 'BaseModel', hooked_to_run: dict[comfy.hooks.H
cond = default_conds[i] cond = default_conds[i]
for x in cond: for x in cond:
# do get_area_and_mult to get all the expected values # do get_area_and_mult to get all the expected values
p = comfy.samplers.get_area_and_mult(x, x_in, timestep) p = get_area_and_mult(x, x_in, timestep)
if p is None: if p is None:
continue continue
# replace p's mult with calculated mult # replace p's mult with calculated mult
@ -215,7 +214,7 @@ def _calc_cond_batch(model: 'BaseModel', conds: list[list[dict]], x_in: torch.Te
default_c.append(x) default_c.append(x)
has_default_conds = True has_default_conds = True
continue continue
p = comfy.samplers.get_area_and_mult(x, x_in, timestep) p = get_area_and_mult(x, x_in, timestep)
if p is None: if p is None:
continue continue
if p.hooks is not None: if p.hooks is not None:

6
server.py
View File

@ -329,6 +329,9 @@ class PromptServer():
original_ref = json.loads(post.get("original_ref")) original_ref = json.loads(post.get("original_ref"))
filename, output_dir = folder_paths.annotated_filepath(original_ref['filename']) filename, output_dir = folder_paths.annotated_filepath(original_ref['filename'])
if not filename:
return web.Response(status=400)
# validation for security: prevent accessing arbitrary path # validation for security: prevent accessing arbitrary path
if filename[0] == '/' or '..' in filename: if filename[0] == '/' or '..' in filename:
return web.Response(status=400) return web.Response(status=400)
@ -370,6 +373,9 @@ class PromptServer():
filename = request.rel_url.query["filename"] filename = request.rel_url.query["filename"]
filename,output_dir = folder_paths.annotated_filepath(filename) filename,output_dir = folder_paths.annotated_filepath(filename)
if not filename:
return web.Response(status=400)
# validation for security: prevent accessing arbitrary path # validation for security: prevent accessing arbitrary path
if filename[0] == '/' or '..' in filename: if filename[0] == '/' or '..' in filename:
return web.Response(status=400) return web.Response(status=400)