Skip to content

api, browse: Ensure to sanitize filename passed to django FileResponse

Django might try to access the file if the value provided to the filename query parameter of associated views is an absolute path.

Fixes SWH-WEBAPP-4B9


Migrated from D8945 (view on Phabricator)

Merge request reports