switch to realpath to check path traversal

6daf9bb2 · m957ymj75urz · b1294fa4 · 6daf9bb2
Commit 6daf9bb2 authored Mar 14, 2023 by m957ymj75urz
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

nodes.py nodes.py +1 -1

No files found.
--- a/nodes.py
+++ b/nodes.py
@@ -806,7 +806,7 @@ class SaveImage:
        comfy_output_folder = os.path.join(os.path.dirname(os.path.realpath(__file__)), "output")
        full_output_folder = os.path.join(comfy_output_folder, subfolder) 

-        if os.path.commonpath((comfy_output_folder, os.path.abspath(full_output_folder))) != comfy_output_folder:
+        if os.path.commonpath((comfy_output_folder, os.path.realpath(full_output_folder))) != comfy_output_folder:
            print("Saving image outside the output folder is not allowed.")
            return