Prevent directory traversal in UI Serving

Checking for directory base closes #5427
2021-08-16 06:45:43 +02:00
parent abddb3ef25
commit 6b2ef36a56
2 changed files with 6 additions and 2 deletions
--- a/tests/rpc/test_rpc_apiserver.py
+++ b/tests/rpc/test_rpc_apiserver.py
@@ -109,6 +109,7 @@ def test_api_ui_fallback(botclient):
    rc = client_get(client, "/something")
    assert rc.status_code == 200

+    # Test directory traversal
    rc = client_get(client, '%2F%2F%2Fetc/passwd')
    assert rc.status_code == 200
    assert '`freqtrade install-ui`' in rc.text