EasyAI代码托管平台

mirror of https://github.com/comfyanonymous/ComfyUI.git synced 2026-06-26 17:59:54 +08:00

History

nahcmon 88a5a1862e Fix ValueError in /view and /upload/mask when subfolder is on a different drive os.path.commonpath raises ValueError when comparing paths that don't share a drive (e.g. on Windows when output_dir is on C: and the resolved subfolder ends up on D:), so a malicious or malformed `subfolder` query/field crashed these handlers with an unhandled exception instead of returning 403. Extract the check into is_path_within_directory(), which treats a different-drive ValueError as "not within" and returns False, restoring the intended 403 response. Fixes #1488	2026-06-08 17:59:54 +02:00
..
test_cache_control.py	fix: use no-store cache headers to prevent stale frontend chunks (#12911 )	2026-03-14 18:25:09 -04:00
test_is_path_within_directory.py	Fix ValueError in /view and /upload/mask when subfolder is on a different drive	2026-06-08 17:59:54 +02:00

nahcmon 88a5a1862e Fix ValueError in /view and /upload/mask when subfolder is on a different drive

os.path.commonpath raises ValueError when comparing paths that don't share
a drive (e.g. on Windows when output_dir is on C: and the resolved subfolder
ends up on D:), so a malicious or malformed `subfolder` query/field crashed
these handlers with an unhandled exception instead of returning 403.

Extract the check into is_path_within_directory(), which treats a
different-drive ValueError as "not within" and returns False, restoring the
intended 403 response.

Fixes #1488

2026-06-08 17:59:54 +02:00

test_cache_control.py

fix: use no-store cache headers to prevent stale frontend chunks (#12911 )

2026-03-14 18:25:09 -04:00

test_is_path_within_directory.py

Fix ValueError in /view and /upload/mask when subfolder is on a different drive

2026-06-08 17:59:54 +02:00