From 164d53f5f53a469730a66a0be0af7016c53f2aa5 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Thu, 15 Feb 2024 04:55:42 +0300 Subject: Provide only the file name, not full path. There are 2 reasons to provide only the filename and not the full path: * Security: We do not want to inadvertently expose the paths to the outside world, or allow users to enter file system paths for this system. * The code does not assume a complete path, rather, it builds the path to the upload directory using the filename received from the user. --- qc_app/templates/rqtl2/rqtl2-qc-job-results.html | 2 +- qc_app/upload/rqtl2.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/qc_app/templates/rqtl2/rqtl2-qc-job-results.html b/qc_app/templates/rqtl2/rqtl2-qc-job-results.html index cfa2a9c..52a230a 100644 --- a/qc_app/templates/rqtl2/rqtl2-qc-job-results.html +++ b/qc_app/templates/rqtl2/rqtl2-qc-job-results.html @@ -55,7 +55,7 @@ {{rqtl2bundleorig}} Internal Name - {{rqtl2bundle.name[0:25]}}… + {{rqtl2bundle[0:25]}}…
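Review bot: The slice `{{rqtl2bundle[0:25]}}` now requires `rqtl2bundle` to be a plain string, so every view that renders this template has to pass the bare file name. Only the `rqtl2_bundle_qc_status` call is updated in this patch; if another render site still passes a `Path`, the slice would likely fail or render empty instead of showing the name, so the other callers are worth checking. Assuming this is a Jinja template, a short comment next to the field such as `{# rqtl2bundle: file name only (str), never a filesystem path #}` would record the contract that the commit message describes.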
diff --git a/qc_app/upload/rqtl2.py b/qc_app/upload/rqtl2.py
index 48cb1d2..6a8ab72 100644
--- a/qc_app/upload/rqtl2.py
+++ b/qc_app/upload/rqtl2.py
@@ -225,7 +225,7 @@ def rqtl2_bundle_qc_status(jobid: UUID):
 species=species,
 population=population_by_species_and_id(
 dbconn, species["SpeciesId"], jobmeta["populationid"]),
- rqtl2bundle=Path(jobmeta["rqtl2-bundle-file"]),
+ rqtl2bundle=Path(jobmeta["rqtl2-bundle-file"]).name,
 rqtl2bundleorig=jobmeta["original-filename"])
 
 def compute_percentage(thejob, filetype) -> Union[str, None]:
-- cgit v1.2.3
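Review bot: Taking `.name` at the `rqtl2bundle=` argument only trims the value on its way out to the template; nothing in this hunk constrains the file name when the user sends it back. The commit message says the upload path is built from that user-supplied name, so the receiving code (not visible here) should presumably reject anything that is not a bare name before joining it to the upload directory, for example by checking `Path(filename).name == filename` (variable name illustrative). `rqtl2_bundle_qc_status` starts and ends outside the hunk, so this check may already exist elsewhere. A one-line comment at this argument, `# file name only: never send filesystem paths to the client`, would keep a later edit from reverting to the full `Path`.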