oobabooga/text-generation-webui
1
0
Fork 0
mirror of https://github.com/oobabooga/text-generation-webui.git synced 2026-04-04 22:27:29 +00:00
Code Issues Projects Releases Packages Wiki Activity

Security: server-side file save roots, image URL SSRF protection, extension allowlist

Browse source
This commit is contained in:
oobabooga 2026-03-17 22:24:36 -07:00
parent 08ff3f0f90
commit c8bb2129ba
6 changed files with 60 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

8
modules/chat.py
View file

@ -2634,19 +2634,23 @@ def handle_load_template_click(instruction_template):
def handle_save_template_click(instruction_template_str):
import gradio as gr
contents = generate_instruction_template_yaml(instruction_template_str)
root = str(shared.user_data_dir / 'instruction-templates') + '/'
return [
"My Template.yaml",
str(shared.user_data_dir / 'instruction-templates') + '/',
root,
contents,
root,
gr.update(visible=True)
]
def handle_delete_template_click(template):
import gradio as gr
root = str(shared.user_data_dir / 'instruction-templates') + '/'
return [
f"{template}.yaml",
str(shared.user_data_dir / 'instruction-templates') + '/',
root,
root,
gr.update(visible=False)
]