Upstream/esphome
1
0
Fork 0
mirror of https://github.com/esphome/esphome.git synced 2024-06-26 10:35:18 +02:00
Code Issues Projects Releases Wiki Activity

Verify rel_path output is relative (#4247)

Browse Source
This commit is contained in:
Paulus Schoutsen 2023-02-08 20:20:30 -05:00 committed by GitHub
parent 2fbd33267e
commit 17ea0efb08
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
esphome/dashboard/dashboard.py
View File

@ -55,6 +55,7 @@ class DashboardSettings:
self.using_password = False
self.on_ha_addon = False
self.cookie_secret = None
self.absolute_config_dir = None
def parse_args(self, args):
self.on_ha_addon = args.ha_addon
@ -65,6 +66,7 @@ class DashboardSettings:
if self.using_password:
self.password_hash = password_hash(password)
self.config_dir = args.configuration
self.absolute_config_dir = Path(self.config_dir).resolve()
@property
def relative_url(self):
@ -94,7 +96,10 @@ class DashboardSettings:
return hmac.compare_digest(self.password_hash, password_hash(password))
def rel_path(self, *args):
return os.path.join(self.config_dir, *args)
joined_path = os.path.join(self.config_dir, *args)
# Raises ValueError if not relative to ESPHome config folder
Path(joined_path).resolve().relative_to(self.absolute_config_dir)
return joined_path
def list_yaml_files(self):
return util.list_yaml_files([self.config_dir])