novelai-storage / Stable Diffusion Webui
Commit 268dc9b3, authored Aug 20, 2023 by akiba
fix potential ssrf attack in #12663
parent 42b72fe2
Showing 1 changed file with 22 additions and 1 deletion
modules/api/api.py
...
...
@@ -4,6 +4,8 @@ import os
import
time
import
datetime
import
uvicorn
import
ipaddress
import
requests
import
gradio
as
gr
from
threading
import
Lock
from
io
import
BytesIO
...
...
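Review bot: the module-level `import requests` in this import block is redundant with the function-local `import requests` that `decode_base64_to_image` still carries in the next hunk; keep only one of them. The same applies to style consistency: `ipaddress` is imported at the top of the file while `verify_url` imports `socket` and `urlparse` locally, so it would be cleaner to declare all of the helper's dependencies in one place.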
@@ -56,8 +58,27 @@ def setUpscalers(req: dict):
def
decode_base64_to_image
(
encoding
):
def
verify_url
(
url
):
import
socket
from
urllib.parse
import
urlparse
try
:
parsed_url
=
urlparse
(
url
)
domain_name
=
parsed_url
.
netloc
host
=
socket
.
gethostbyname_ex
(
domain_name
)
for
ip
in
host
[
2
]:
ip_addr
=
ipaddress
.
ip_address
(
ip
)
# https://docs.python.org/3/library/ipaddress.html#ipaddress.IPv4Address.is_global
if
not
ip_addr
.
is_global
:
return
False
except
Exception
:
return
False
return
True
if
encoding
.
startswith
(
"http://"
)
or
encoding
.
startswith
(
"https://"
):
import
requests
if
not
verify_url
(
encoding
):
raise
HTTPException
(
status_code
=
500
,
detail
=
"Invalid image url"
)
response
=
requests
.
get
(
encoding
,
timeout
=
30
,
headers
=
{
'user-agent'
:
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36'
})
try
:
image
=
Image
.
open
(
BytesIO
(
response
.
content
))
...
...
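Review bot: the check and the fetch are decoupled here: `verify_url` validates the addresses returned by `socket.gethostbyname_ex`, but the following `requests.get(encoding, timeout=30, ...)` resolves the name a second time and follows redirects by default, so the address finally contacted is not guaranteed to be one that passed `is_global`. Pass `allow_redirects=False` (or run `verify_url` on every redirect target) and make the request against the address that was validated. Three smaller points in `verify_url`: `parsed_url.netloc` still contains any port or userinfo, so such URLs fail resolution and are rejected through the `except Exception` path, and `parsed_url.hostname` is the field to resolve; `gethostbyname_ex` returns IPv4 addresses only, so `socket.getaddrinfo` is needed to check IPv6 as well; and a rejected URL is a client error, so `status_code=400` fits better than `status_code=500`.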