From 8ecdb41078cfaf54fa0be66d54cf6e3911936b68 Mon Sep 17 00:00:00 2001 From: oobabooga Date: Fri, 3 Apr 2026 19:36:50 -0300 Subject: [PATCH] fix(security): sanitize filenames in all prompt file operations (CWE-22) (#7462) --------- Co-authored-by: Alex Chen --- modules/prompts.py | 2 ++ modules/ui_default.py | 5 ++++- modules/ui_notebook.py | 6 +++++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/modules/prompts.py b/modules/prompts.py index d107ce5a..85dc32e3 100644 --- a/modules/prompts.py +++ b/modules/prompts.py @@ -1,6 +1,7 @@ from pathlib import Path from modules import shared, utils +from modules.utils import sanitize_filename from modules.text_generation import get_encoded_length @@ -18,6 +19,7 @@ def load_prompt(fname): return initial_content + fname = sanitize_filename(fname) file_path = shared.user_data_dir / 'logs' / 'notebook' / f'{fname}.txt' if file_path.exists(): with open(file_path, 'r', encoding='utf-8') as f: diff --git a/modules/ui_default.py b/modules/ui_default.py index 2c367cca..48cb2fc2 100644 --- a/modules/ui_default.py +++ b/modules/ui_default.py @@ -10,7 +10,7 @@ from modules.text_generation import ( stop_everything_event ) from modules.ui_notebook import store_notebook_state_and_debounce -from modules.utils import gradio +from modules.utils import gradio, sanitize_filename inputs = ('textbox-default', 'interface_state') outputs = ('output_textbox', 'html-default') @@ -167,6 +167,7 @@ def handle_new_prompt(): def handle_delete_prompt_confirm_default(prompt_name): + prompt_name = sanitize_filename(prompt_name) available_prompts = utils.get_available_prompts() current_index = available_prompts.index(prompt_name) if prompt_name in available_prompts else 0 @@ -199,6 +200,8 @@ def handle_rename_prompt_click_default(current_name): def handle_rename_prompt_confirm_default(new_name, current_name): + new_name = sanitize_filename(new_name) + current_name = sanitize_filename(current_name) old_path = shared.user_data_dir / "logs" / "notebook" / f"{current_name}.txt" new_path = shared.user_data_dir / "logs" / "notebook" / f"{new_name}.txt" diff --git a/modules/ui_notebook.py b/modules/ui_notebook.py index f550e646..88f00ac5 100644 --- a/modules/ui_notebook.py +++ b/modules/ui_notebook.py @@ -11,7 +11,7 @@ from modules.text_generation import ( get_token_ids, stop_everything_event ) -from modules.utils import gradio +from modules.utils import gradio, sanitize_filename _notebook_file_lock = threading.Lock() _notebook_auto_save_timer = None @@ -202,6 +202,7 @@ def handle_new_prompt(): def handle_delete_prompt_confirm_notebook(prompt_name): + prompt_name = sanitize_filename(prompt_name) available_prompts = utils.get_available_prompts() current_index = available_prompts.index(prompt_name) if prompt_name in available_prompts else 0 @@ -233,6 +234,8 @@ def handle_rename_prompt_click_notebook(current_name): def handle_rename_prompt_confirm_notebook(new_name, current_name): + new_name = sanitize_filename(new_name) + current_name = sanitize_filename(current_name) old_path = shared.user_data_dir / "logs" / "notebook" / f"{current_name}.txt" new_path = shared.user_data_dir / "logs" / "notebook" / f"{new_name}.txt" @@ -249,6 +252,7 @@ def handle_rename_prompt_confirm_notebook(new_name, current_name): def autosave_prompt(text, prompt_name): """Automatically save the text to the selected prompt file""" + prompt_name = sanitize_filename(prompt_name) if prompt_name and text.strip(): prompt_path = shared.user_data_dir / "logs" / "notebook" / f"{prompt_name}.txt" prompt_path.parent.mkdir(parents=True, exist_ok=True)