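--- a/WebStack/Resources/Static.py Mon May 02 18:52:52 2005 +0000
+++ b/WebStack/Resources/Static.py Fri May 20 16:39:36 2005 +0000
@@ -45,8 +45,8 @@
 
 # Test for the file's existence.
 
- pathname = os.path.join(self.directory, filename)
- if not (os.path.exists(pathname) and os.path.isfile(pathname)):
+ pathname = os.path.abspath(os.path.join(self.directory, filename))
+ if not (pathname.startswith(os.path.join(self.directory, "/")) and os.path.exists(pathname) and os.path.isfile(pathname)):
 trans.set_response_code(404)
 trans.set_content_type(ContentType("text/plain"))
 out.write("Resource '%s' not found." % filename)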
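Review bot: The containment test on the added `if` line restricts nothing on POSIX, because `os.path.join(self.directory, "/")` discards `self.directory` when the second component is absolute and returns `"/"`, which every absolute `pathname` starts with. A `filename` containing `..` segments would therefore still pass the check and be served from outside the directory. Compare against the normalised root with a trailing separator instead, e.g. `root = os.path.join(os.path.abspath(self.directory), "")` followed by `pathname.startswith(root)`; applying `os.path.realpath` to both sides would also cover symlinks inside the directory. The enclosing method starts and ends outside this hunk, so any earlier filtering of `filename` is not visible here.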