From ac6dd8e29cf2a681a28ba3d816841c96103961bc Mon Sep 17 00:00:00 2001 From: Daniel Markstedt Date: Wed, 25 Oct 2023 20:58:04 +0900 Subject: [PATCH] Explicitly strip newlines from chunks when uploading --- python/web/src/web.py | 4 ++-- python/web/src/web_utils.py | 7 +++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/python/web/src/web.py b/python/web/src/web.py index 6829b3d427..a14a4263de 100644 --- a/python/web/src/web.py +++ b/python/web/src/web.py @@ -55,7 +55,7 @@ auth_active, is_bridge_configured, is_safe_path, - upload_with_dropzonejs, + upload_to_dir, browser_supports_modern_themes, ) from settings import ( @@ -1035,7 +1035,7 @@ def upload_file(): else: return make_response(_("Unknown destination"), 403) - return upload_with_dropzonejs(destination_dir) + return upload_to_dir(destination_dir) @APP.route("/files/create", methods=["POST"]) diff --git a/python/web/src/web_utils.py b/python/web/src/web_utils.py index e8acd00af7..7d928d0ced 100644 --- a/python/web/src/web_utils.py +++ b/python/web/src/web_utils.py @@ -325,7 +325,7 @@ def is_safe_path(file_name): return {"status": True, "msg": ""} -def upload_with_dropzonejs(image_dir): +def upload_to_dir(image_dir): """ Takes (str) image_dir which is the path to the image dir to store files. Opens a stream to transfer a file via the embedded dropzonejs library. @@ -345,7 +345,10 @@ def upload_with_dropzonejs(image_dir): try: with open(save_path, "ab") as save: save.seek(int(request.form["dzchunkbyteoffset"])) - save.write(file_object.stream.read()) + chunk = file_object.stream.read() + # Remove CRLF characters from the end of the chunk + chunk = chunk.rstrip(b"\r\n") + save.write(chunk) except OSError: log.exception("Could not write to file") return make_response(_("Unable to write the file to disk!"), 500)