From b535272043cddc58414a382cf793e8acb1295854 Mon Sep 17 00:00:00 2001
From: Richard Allitt
Date: Sat, 16 Nov 2024 09:40:39 +0000
Subject: [PATCH] Use os.path to properly check docroot base path

---
 control/webapp/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/control/webapp/utils.py b/control/webapp/utils.py
index b4bc333..928baf4 100644
--- a/control/webapp/utils.py
+++ b/control/webapp/utils.py
@@ -107,7 +107,7 @@ def validate_domain_docroot(owner, path):
 top = "societies"
 base = os.path.join("/public", top, username, "public_html")
 target = os.path.abspath(os.path.join(base, path))
- if not target.startswith(base):
+ if os.path.commonpath((base, target)) != base:
 return path, "Document roots must be inside your public_html directory."
 elif base == target:
 return "", "We've cleared your document root as it appears to be your public_html directory."
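Review bot: The containment test on the added `os.path.commonpath((base, target)) != base` line is still purely lexical, because `target` comes from `os.path.abspath`, which collapses `..` segments but does not resolve symlinks. A path that stays under public_html by name but passes through a symlink would therefore still be accepted. If the stored document root is later used as a filesystem path by the web server (not visible in this hunk), either resolve both sides first, e.g. `target = os.path.realpath(os.path.join(base, path))` compared against `os.path.realpath(base)`, or add a comment such as `# lexical check only; symlink containment is enforced by the web server config`. Resolving at validation time cannot cover a link created afterwards, so the serving side needs its own restriction either way. validate_domain_docroot starts and ends outside the hunk.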