diff --git a/.changeset/busy-things-relax.md b/.changeset/busy-things-relax.md new file mode 100644 index 0000000000..64018a5fca --- /dev/null +++ b/.changeset/busy-things-relax.md @@ -0,0 +1,5 @@ +--- +"gradio": patch +--- + +fix:Bugfix: `..` in filename throwing error while loading in output. diff --git a/gradio/utils.py b/gradio/utils.py index bb12401aaa..b69ad7b22b 100644 --- a/gradio/utils.py +++ b/gradio/utils.py @@ -1,4 +1,4 @@ -""" Handy utility functions. """ +"""Handy utility functions.""" from __future__ import annotations @@ -1006,13 +1006,16 @@ def is_in_or_equal(path_1: str | Path, path_2: str | Path): True if path_1 is a descendant (i.e. located within) path_2 or if the paths are the same, returns False otherwise. Parameters: - path_1: str or Path (should be a file) - path_2: str or Path (can be a file or directory) + path_1: str or Path (to file or directory) + path_2: str or Path (to file or directory) """ path_1, path_2 = abspath(path_1), abspath(path_2) try: - if ".." in str(path_1.relative_to(path_2)): # prevent path traversal - return False + relative_path = path_1.relative_to(path_2) + if str(relative_path) == ".": + return True + relative_path = path_1.parent.relative_to(path_2) + return ".." not in str(relative_path) except ValueError: return False return True diff --git a/test/test_utils.py b/test/test_utils.py index b1ce641cd3..324aae34f3 100644 --- a/test/test_utils.py +++ b/test/test_utils.py @@ -423,6 +423,7 @@ def test_tex2svg_preserves_matplotlib_backend(): def test_is_in_or_equal(): assert is_in_or_equal("files/lion.jpg", "files/lion.jpg") assert is_in_or_equal("files/lion.jpg", "files") + assert is_in_or_equal("files/lion.._M.jpg", "files") assert not is_in_or_equal("files", "files/lion.jpg") assert is_in_or_equal("/home/usr/notes.txt", "/home/usr/") assert not is_in_or_equal("/home/usr/subdirectory", "/home/usr/notes.txt")