api, browse: Ensure to sanitize filename passed to django FileResponse (!974) · Merge requests · Platform / Development / swh-web · GitLab

GitLab now enforces expiry dates on tokens that originally had no set expiration date. Those tokens were given an expiration date of one year later. Please review your personal access tokens, project access tokens and group access tokens to ensure you are aware of upcoming expirations. Administrators of GitLab can find more information on how to identify and mitigate interruption, please take a look at our documentation.

Antoine Lambert requested to merge generated-differential-D8945-source into generated-differential-D8945-target Dec 07, 2022

Django might try to access the file if the value provided to the filename query parameter of associated views is an absolute path.

Fixes SWH-WEBAPP-4B9

Migrated from D8945 (view on Phabricator)