From 4b65206e6b8e19ef7696a8f7daaad3a441aa352e Mon Sep 17 00:00:00 2001 From: Matthias Date: Mon, 16 Aug 2021 07:08:50 +0200 Subject: [PATCH] Add compat code for is_relative_to --- freqtrade/rpc/api_server/web_ui.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/freqtrade/rpc/api_server/web_ui.py b/freqtrade/rpc/api_server/web_ui.py index 0168930cf..9aae0afae 100644 --- a/freqtrade/rpc/api_server/web_ui.py +++ b/freqtrade/rpc/api_server/web_ui.py @@ -29,6 +29,15 @@ async def ui_version(): } +def is_relative_to(path, base) -> bool: + # Helper function simulating behaviour of is_relative_to, which was only added in python 3.9 + try: + path.relative_to(base) + except ValueError: + pass + return False + + @router_ui.get('/{rest_of_path:path}', include_in_schema=False) async def index_html(rest_of_path: str): """ @@ -40,7 +49,7 @@ async def index_html(rest_of_path: str): filename = uibase / rest_of_path # It's security relevant to check "relative_to". # Without this, Directory-traversal is possible. - if filename.is_file() and filename.is_relative_to(uibase): + if filename.is_file() and is_relative_to(filename, uibase): return FileResponse(str(filename)) index_file = uibase / 'index.html'