better filename check

linkliti 2026-01-24 21:54:21 +03:00
parent c4846e7e9d
commit e5669daf67
9 changed files with 75 additions and 17 deletions


@ -6,7 +6,7 @@ from python.helpers.api import ApiHandler, Request, Response
from python.helpers import files, projects
from python.helpers.print_style import PrintStyle
from python.helpers.projects import activate_project
from werkzeug.utils import secure_filename
from python.helpers.security import safe_filename
from initialize import initialize_agent
import threading
@ -57,9 +57,9 @@ class ApiMessage(ApiHandler):
continue
try:
filename = secure_filename(attachment["filename"])
filename = safe_filename(attachment["filename"])
if not filename:
continue
raise ValueError("Invalid filename")
# Decode base64 content
file_content = base64.b64decode(attachment["base64"])
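Review bot: An empty result from `safe_filename` now raises `ValueError("Invalid filename")` here, while the knowledge-import, message and upload handlers changed in this same commit skip the file with `continue`. The handling of a rejected name should be consistent across the handlers, or the difference documented. The raise sits inside a `try:` whose `except` is outside the hunk, so it cannot be seen from here whether one bad attachment aborts the whole request or is only reported. A comment above the raise such as `# empty sanitized name: the client sent an unusable filename, reject this attachment` would record the intent. If the offending name is ever added to the message for debugging, format it with `!r` so control characters in it cannot forge log lines.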


@ -1,7 +1,6 @@
from python.helpers.api import ApiHandler, Request, Response
from python.helpers import files, memory, notification, projects, notification, runtime
import os
from werkzeug.utils import secure_filename
class GetChatFilesPath(ApiHandler):


@ -1,7 +1,7 @@
from python.helpers.api import ApiHandler, Request, Response
from python.helpers import files, memory
import os
from werkzeug.utils import secure_filename
from python.helpers.security import safe_filename
class ImportKnowledge(ApiHandler):
@ -32,7 +32,9 @@ class ImportKnowledge(ApiHandler):
for file in file_list:
if file and file.filename:
filename = secure_filename(file.filename) # type: ignore
filename = safe_filename(file.filename)
if not filename:
continue
file.save(os.path.join(KNOWLEDGE_FOLDER, filename))
saved_filenames.append(filename)
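Review bot: The path written by `file.save(os.path.join(KNOWLEDGE_FOLDER, filename))` is trusted solely on the strength of `safe_filename`, whose body is not visible in this section, and `os.path.join` discards `KNOWLEDGE_FOLDER` entirely when its second argument is absolute. A containment check after the join would keep the write inside the folder even if the sanitizer later regresses: `dest = os.path.realpath(os.path.join(KNOWLEDGE_FOLDER, filename))` followed by `if os.path.commonpath([dest, os.path.realpath(KNOWLEDGE_FOLDER)]) != os.path.realpath(KNOWLEDGE_FOLDER): continue`. The same applies to `files.get_abs_path(upload_folder_ext, filename)` in the message handler and `files.get_abs_path("tmp/upload", filename)` in the upload handler. The enclosing method starts and ends outside the hunk.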


@ -1,7 +1,6 @@
from python.helpers.api import ApiHandler, Request, Response
from python.helpers import files, memory, notification, projects, notification
import os
from werkzeug.utils import secure_filename
class ReindexKnowledge(ApiHandler):


@ -3,7 +3,7 @@ from python.helpers.api import ApiHandler, Request, Response
from python.helpers import files, extension
import os
from werkzeug.utils import secure_filename
from python.helpers.security import safe_filename
from python.helpers.defer import DeferredTask
from python.helpers.print_style import PrintStyle
@ -37,7 +37,9 @@ class Message(ApiHandler):
for attachment in attachments:
if attachment.filename is None:
continue
filename = secure_filename(attachment.filename)
filename = safe_filename(attachment.filename)
if not filename:
continue
save_path = files.get_abs_path(upload_folder_ext, filename)
attachment.save(save_path)
attachment_paths.append(os.path.join(upload_folder_int, filename))
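Review bot: Sanitizing is many-to-one, so two attachments with different original names can map to the same `filename`, and `attachment.save(save_path)` would then write over the earlier file, or one already in the upload folder, without notice. Unless `safe_filename` already guarantees uniqueness, which this section does not show, make the stored name unique before building `save_path`, for example `filename = f"{uuid.uuid4().hex}_{filename}"` (needs `import uuid`). The new `if not filename: continue` also drops the attachment silently, so a one-line warning there would help when a missing upload has to be explained. The method containing this loop begins outside the hunk.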


@ -1,6 +1,6 @@
from python.helpers.api import ApiHandler, Request, Response
from python.helpers import files
from werkzeug.utils import secure_filename
from python.helpers.security import safe_filename
class UploadFile(ApiHandler):
@ -13,7 +13,11 @@ class UploadFile(ApiHandler):
for file in file_list:
if file and self.allowed_file(file.filename): # Check file type
filename = secure_filename(file.filename) # type: ignore
if not file.filename:
continue
filename = safe_filename(file.filename)
if not filename:
continue
file.save(files.get_abs_path("tmp/upload", filename))
saved_filenames.append(filename)
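Review bot: `self.allowed_file(file.filename)` vets the raw client-supplied name, but the file is saved under the sanitized `filename`. If `safe_filename` alters the suffix (its body is not visible here), the type check and the name on disk can disagree. Run the check on the value that is actually stored: sanitize first, then `if not filename or not self.allowed_file(filename): continue`. That also makes the late `if not file.filename:` test unnecessary, which currently runs only after `allowed_file` has already been handed a possibly empty name.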