Security: server-side file save roots, image URL SSRF protection, extension allowlist

oobabooga 2026-03-17 22:24:36 -07:00
parent 08ff3f0f90
commit c8bb2129ba
6 changed files with 60 additions and 21 deletions


@ -77,7 +77,18 @@ def process_message_content(content: Any) -> Tuple[str, List[Image.Image]]:
# Support external URLs
try:
import requests
response = requests.get(image_url, timeout=10)
from urllib.parse import urljoin
from modules.web_search import _validate_url
_validate_url(image_url)
url = image_url
for _ in range(5):
response = requests.get(url, timeout=10, allow_redirects=False)
if response.is_redirect and 'Location' in response.headers:
url = urljoin(url, response.headers['Location'])
_validate_url(url)
else:
break
response.raise_for_status()
image_data = response.content
image = Image.open(io.BytesIO(image_data))
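Review bot: When all five iterations of the loop at `for _ in range(5):` return a redirect, the loop falls through with `response` still holding a 3xx, and `response.raise_for_status()` does not raise for 3xx, so the redirect body is handed to `Image.open` and the redirect-limit case surfaces as a PIL decode error rather than a refusal; a `for`/`else` that raises on exhaustion fixes this. In the same stretch, `response.content` reads the whole body into memory with no size cap, so an attacker-supplied image URL can return an arbitrarily large response; fetching with `stream=True` and a bounded `iter_content` loop addresses that, as sketched below. Whether `_validate_url` resolves the hostname before `requests.get` resolves it a second time (a DNS-rebinding window between check and use) cannot be judged from this hunk, since the helper lives in `modules.web_search`. `process_message_content` begins before and continues after this hunk.
```python
response = requests.get(url, timeout=10, allow_redirects=False, stream=True)
# … unchanged: redirect handling and _validate_url on the new Location …
else:
    raise ValueError("Too many redirects while fetching image URL")
response.raise_for_status()
chunks, total = [], 0
for chunk in response.iter_content(64 * 1024):
    total += len(chunk)
    if total > 20 * 1024 * 1024:  # cap to be chosen by the project
        raise ValueError("Image URL response too large")
    chunks.append(chunk)
image_data = b''.join(chunks)
```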