ChaoticByte/drinks-manager
1
1
Fork 0
Code Issues Pull requests Projects Releases 20 Packages Wiki Activity Actions

The application now correctly encodes the url query string for the profile-picture name (for security reasons), removed a left-over print-statement

Browse source
This commit is contained in:
W13R 2022-11-03 20:45:52 +01:00
parent 9f270c12b4
commit 1e32e2b5dd
3 changed files with 2 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
application/app/views.py
View file

@ -124,7 +124,6 @@ def redirect_home(request):
def profile_pictures(request):
if not "name" in request.GET:
return HttpResponse(b"", status=400)
print(request.GET["name"])
ppic_filepath = Path(profile_pictures_path / request.GET["name"]).resolve()
try:
ppic_filepath.relative_to(profile_pictures_path)