From d14a52c28761f4cd5dcb7f3b56ffb94405ef05c4 Mon Sep 17 00:00:00 2001
From: Richard Allitt
Date: Sat, 16 Nov 2024 09:40:39 +0000
Subject: [PATCH] Use os.path to properly check docroot base path
---
 control/webapp/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/control/webapp/utils.py b/control/webapp/utils.py
index 971e65e..1537f35 100644
--- a/control/webapp/utils.py
+++ b/control/webapp/utils.py
@@ -107,7 +107,7 @@ def validate_domain_docroot(owner, path):
 top = "societies"
 base = os.path.join("/public", top, username, "public_html")
 target = os.path.abspath(os.path.join(base, path))
- if not target.startswith(base):
+ if os.path.commonpath((base, target)) != base:
 return path, "Document roots must be inside your public_html directory."
 elif base == target:
 return "", "We've cleared your document root as it appears to be your public_html directory."
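Review bot: The containment check on the added `if os.path.commonpath((base, target)) != base:` line is still purely lexical, because `os.path.abspath` collapses `..` segments but does not resolve symlinks, so a `path` naming a symlink under `public_html` is accepted even when the link leads outside that directory. If the docroot is later served or opened by following links (not visible in this hunk), resolve both sides before comparing, e.g. `base = os.path.realpath(base)` and `target = os.path.realpath(os.path.join(base, path))`, and repeat the check where the path is actually used, since a link can be created after validation. A short comment such as `# commonpath compares whole path components, unlike str.startswith` would stop the check being simplified back, and a regression test with a sibling directory whose name merely starts with `public_html` would pin the behaviour. validate_domain_docroot starts before and continues after this hunk, so where `username` comes from and how `target` is used are not visible here.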