From 8684719b1387fab13a95007288c5b019000c6100 Mon Sep 17 00:00:00 2001 From: Dale Wahl Date: Thu, 28 Sep 2023 11:17:40 +0200 Subject: [PATCH] get_result() revert; use `send_from_directory` to ensure only files in data dir can be served. --- webtool/views/views_dataset.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/webtool/views/views_dataset.py b/webtool/views/views_dataset.py index 91086b8ff..1bf55a156 100644 --- a/webtool/views/views_dataset.py +++ b/webtool/views/views_dataset.py @@ -158,7 +158,7 @@ def show_results(page): """ -@app.route('/result/') +@app.route('/result/') def get_result(query_file): """ Get dataset result file @@ -167,8 +167,7 @@ def get_result(query_file): :return: Result file :rmime: text/csv """ - path = config.get('PATH_ROOT').joinpath(config.get('PATH_DATA')).joinpath(query_file) - return send_from_directory(directory=path.parent, path=path.name) + return send_from_directory(directory=config.get('PATH_ROOT').joinpath(config.get('PATH_DATA')), path=query_file) @app.route('/mapped-result//')