From 101a81966341c0cf261a6eed2df069fc75a4379f Mon Sep 17 00:00:00 2001 From: Franklin-F Date: Fri, 6 Jun 2025 22:58:51 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E5=9B=BE=E5=83=8F?= =?UTF-8?q?=E6=9C=8D=E5=8A=A1=E6=8E=A5=E5=8F=A3=E4=B8=AD=E7=9A=84=E8=B7=AF?= =?UTF-8?q?=E5=BE=84=E8=B6=8A=E7=95=8C=E8=AE=BF=E9=97=AE=E5=92=8C=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E4=B8=8D=E5=AD=98=E5=9C=A8=E9=94=99=E8=AF=AF=E5=A4=84?= =?UTF-8?q?=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- screenshots_flask.py | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/screenshots_flask.py b/screenshots_flask.py index 4406630..88adc77 100644 --- a/screenshots_flask.py +++ b/screenshots_flask.py @@ -10,19 +10,26 @@ SCREENSHOTS_DIR = PROJECT_ROOT / "screenshots" @app.route('/image/') def serve_image(filename): - file_path = SCREENSHOTS_DIR / filename + app = Flask(__name__) - # 防止路径越界访问 - try: - file_path.resolve().relative_to(SCREENSHOTS_DIR.resolve()) - except ValueError: - abort(403, "禁止访问目录外文件") + PROJECT_ROOT = Path(__file__).parent.resolve() + SCREENSHOTS_DIR = PROJECT_ROOT / "screenshots" - if not file_path.exists(): - abort(404, "文件不存在") + @app.route('/image/') + def serve_image(filename): + file_path = SCREENSHOTS_DIR / filename - return send_file(file_path, as_attachment=False) + # 防止路径越界访问 + try: + file_path.resolve().relative_to(SCREENSHOTS_DIR.resolve()) + except ValueError: + abort(403, description=f"禁止访问目录外文件: {file_path.resolve()}") + + if not file_path.exists(): + abort(404, description=f"文件不存在: {file_path.resolve()}") + + return send_file(file_path, as_attachment=False) if __name__ == '__main__': - app.run(host='0.0.0.0', debug=False, port=5000) + app.run(host='0.0.0.0', debug=True, port=5000)