Use normalpath() with base_path to avoid abort(404).

e.g: >>> op.normpath(directory).startswith(base_path) False >>> op.normpath(directory) u'/home/projects/mywebsite/static/utils' >>> base_path u'/home/projects/mywebsite/admin/../static' >>> base_path = op.normpath(base_path) >>> op.normpath(directory).startswith(base_path) True

Use normalpath() with base_path to avoid abort(404).
e.g: >>> op.normpath(directory).startswith(base_path) False >>> op.normpath(directory) u'/home/projects/mywebsite/static/utils' >>> base_path u'/home/projects/mywebsite/admin/../static' >>> base_path = op.normpath(base_path) >>> op.normpath(directory).startswith(base_path) True
8b6b380b · Salem Harrache · 87599455 · 8b6b380b
Commit 8b6b380b authored Jul 22, 2012 by Salem Harrache
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

fileadmin.py flask_admin/contrib/fileadmin.py +1 -1

No files found.
--- a/flask_admin/contrib/fileadmin.py
+++ b/flask_admin/contrib/fileadmin.py
@@ -176,7 +176,7 @@ class FileAdmin(BaseView):
            Return base path. Override to customize behavior (per-user
            directories, etc)
        """
-        return self.base_path
+        return op.normpath(self.base_path)
    def get_base_url(self):
        """