mirror of
https://github.com/blakeblackshear/frigate.git
synced 2025-01-07 00:06:57 +01:00
Ensure deleted export file name is safe (#8089)
* Ensure deleted export file name is safe * Fix import
This commit is contained in:
parent
14d2b79c72
commit
8941aa5311
@ -29,6 +29,7 @@ from peewee import DoesNotExist, fn, operator
|
||||
from playhouse.shortcuts import model_to_dict
|
||||
from playhouse.sqliteq import SqliteQueueDatabase
|
||||
from tzlocal import get_localzone_name
|
||||
from werkzeug.utils import secure_filename
|
||||
|
||||
from frigate.config import FrigateConfig
|
||||
from frigate.const import (
|
||||
@ -1820,7 +1821,8 @@ def export_recording(camera_name: str, start_time, end_time):
|
||||
|
||||
@bp.route("/export/<file_name>", methods=["DELETE"])
|
||||
def export_delete(file_name: str):
|
||||
file = os.path.join(EXPORT_DIR, file_name)
|
||||
safe_file_name = secure_filename(file_name)
|
||||
file = os.path.join(EXPORT_DIR, safe_file_name)
|
||||
|
||||
if not os.path.exists(file):
|
||||
return make_response(
|
||||
|
Loading…
Reference in New Issue
Block a user