fix(security): prevent path traversal in memory content API

zhayujie
2026-04-01 10:03:58 +08:00
parent 1c336380c0
commit 174ee0cafc
4 changed files with 25 additions and 6 deletions


@@ -1365,6 +1365,8 @@ class MemoryContentHandler:
service = MemoryService(workspace_root)
result = service.get_content(params.filename)
return json.dumps({"status": "success", **result}, ensure_ascii=False)
except ValueError:
return json.dumps({"status": "error", "message": "invalid filename"})
except FileNotFoundError:
return json.dumps({"status": "error", "message": "file not found"})
except Exception as e:
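Review bot: The `except ValueError:` clause reports every ValueError raised by `service.get_content(params.filename)` as "invalid filename", and that includes `UnicodeDecodeError` (a ValueError subclass), so a file that exists but fails to decode would be reported as a bad name with the real cause hidden. A dedicated exception raised by the path check in MemoryService (not visible in this hunk) would keep the traversal rejection distinct from other failures. The rejection is also silent; a refused filename is a useful detection signal, so a line such as `logger.warning("memory content: rejected filename %r", params.filename)` before the return would help, assuming the module has a logger. The enclosing method starts above the hunk and the body of `except Exception as e:` continues below it.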