author | David Lord <davidism@gmail.com> | 2023-02-02 10:18:14 -0800 |
---|---|---|
committer | David Lord <davidism@gmail.com> | 2023-02-02 10:18:14 -0800 |
commit | 8bc1b0a738dc9a3a66ca2d18d7f673254614a4d5 (patch) | |
tree | ed4a594625112ec4fcfb857a0d1422e0915644d3 /src/werkzeug/utils.py | |
parent | 5c471bece54c801b1cc8e64c5a42891b330b4a88 (diff) | |
download | werkzeug-8bc1b0a738dc9a3a66ca2d18d7f673254614a4d5.tar.gz |
render send_from_directory docs
clarify that the directory must not be user provided
Diffstat (limited to 'src/werkzeug/utils.py')
-rw-r--r-- | src/werkzeug/utils.py | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/werkzeug/utils.py b/src/werkzeug/utils.py
index 1a5df63a..4ef58371 100644
--- a/src/werkzeug/utils.py
+++ b/src/werkzeug/utils.py
@@ -352,7 +352,7 @@ def send_file(
 Never pass file paths provided by a user. The path is assumed to be trusted, so a user could craft a path to access a file you didn't
- intend.
+ intend. Use :func:`send_from_directory` to safely serve user-provided paths.
 If the WSGI server sets a ``file_wrapper`` in ``environ``, it is used, otherwise Werkzeug's built-in wrapper is used. Alternatively,
@@ -562,9 +562,10 @@ def send_from_directory(
 If the final path does not point to an existing regular file, returns a 404 :exc:`~werkzeug.exceptions.NotFound` error.
- :param directory: The directory that ``path`` must be located under.
- :param path: The path to the file to send, relative to
- ``directory``.
+ :param directory: The directory that ``path`` must be located under. This *must not* be a value provided by the client, otherwise it becomes insecure.
+ :param path: The path to the file to send, relative to ``directory``. This is the part of the path provided by the client, which is checked for security.
 :param environ: The WSGI environ for the current request.
 :param kwargs: Arguments to pass to :func:`send_file`. |
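Review bot: In the send_from_directory hunk, the new ``:param path:`` text says the client-supplied part "is checked for security" without saying what the check guarantees, and ``:param directory:`` says it "becomes insecure" without saying why, so a reader deciding whether the function fits their case still has to read the body. I would state the property instead: for ``path``, `This is the part of the path provided by the client; it is joined to ``directory`` with :func:`~werkzeug.security.safe_join`, which rejects any value that would resolve outside ``directory``.`, and for ``directory``, `If the client could choose ``directory``, it would pick which directory tree is served, and the containment check on ``path`` would no longer protect anything.` The safe_join behaviour comes from the function body, which is outside the hunk, so confirm the wording against it before merging. Both send_file and send_from_directory start and end outside their hunks.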