Removed duplicated mediasrv.py security check and fixed invalid

command/path error message.
2025-09-18 14:02:21 -04:00 · 2020-07-02 20:22:20 -03:00 · 2020-07-02 20:22:20 -03:00 · a99e455414
commit a99e455414
parent 1218d109e8
1 changed files with 1 additions and 8 deletions
--- a/qt/aqt/mediasrv.py
+++ b/qt/aqt/mediasrv.py
@ -126,13 +126,6 @@ def allroutes(pathin):

    try:
        if flask.request.method == "POST":
-            if not pathin.startswith("_anki/"):
-                return flask.Response(
-                    "Path for '%s - %s' is a security leak!" % (directory, path),
-                    status=HTTPStatus.FORBIDDEN,
-                    mimetype="text/plain",
-                )
-
            if path == "graphData":
                body = request.data
                data = graph_data(allroutes.mw.col, **from_json_bytes(body))
@ -140,7 +133,7 @@ def allroutes(pathin):
                data = allroutes.mw.col.backend.i18n_resources()
            else:
                return flask.Response(
-                    "Path for '%s - %s' is a security leak!" % (directory, path),
+                    "Post request to '%s - %s' is a security leak!" % (directory, path),
                    status=HTTPStatus.FORBIDDEN,
                    mimetype="text/plain",
                )