EasyAI代码托管平台

wangbo/ComfyUI

Fork 0

mirror of https://github.com/comfyanonymous/ComfyUI.git synced 2026-06-26 17:59:54 +08:00

Commit Graph

Author	SHA1	Message	Date
nahcmon	88a5a1862e	Fix ValueError in /view and /upload/mask when subfolder is on a different drive os.path.commonpath raises ValueError when comparing paths that don't share a drive (e.g. on Windows when output_dir is on C: and the resolved subfolder ends up on D:), so a malicious or malformed `subfolder` query/field crashed these handlers with an unhandled exception instead of returning 403. Extract the check into is_path_within_directory(), which treats a different-drive ValueError as "not within" and returns False, restoring the intended 403 response. Fixes #1488	2026-06-08 17:59:54 +02:00

Author

SHA1

Message

Date

nahcmon

88a5a1862e

Fix ValueError in /view and /upload/mask when subfolder is on a different drive

os.path.commonpath raises ValueError when comparing paths that don't share
a drive (e.g. on Windows when output_dir is on C: and the resolved subfolder
ends up on D:), so a malicious or malformed `subfolder` query/field crashed
these handlers with an unhandled exception instead of returning 403.

Extract the check into is_path_within_directory(), which treats a
different-drive ValueError as "not within" and returns False, restoring the
intended 403 response.

Fixes #1488

2026-06-08 17:59:54 +02:00

1 Commits