greggy/lara-schach-live
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Code-Review: Path-Traversal-Fix, toten Code entfernt (formatClock, data.error Check), Emoji-Literal korrigiert, Einrückung fix

Browse Source
This commit is contained in:
Martin
2026-05-26 12:47:47 +02:00
parent 352ed480a8
commit 6ba57c3927
3 changed files with 10 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
server.py
View File

@@ -199,7 +199,11 @@ class Handler(http.server.BaseHTTPRequestHandler):
if self.path == "/":
self.path = "/index.html"
filepath = os.path.join(BASE_DIR, self.path.lstrip("/"))
filepath = os.path.normpath(os.path.join(BASE_DIR, self.path.lstrip("/")))
if not filepath.startswith(BASE_DIR):
self.send_response(403)
self.end_headers()
return
if os.path.isfile(filepath):
content_types = {
@@ -309,7 +313,7 @@ class Handler(http.server.BaseHTTPRequestHandler):
def main():
print("=" * 50)
print(" [TROPHY] Lara Kiesewetter - Live Schachturnier")
print(" Lara Kiesewetter - Live Schachturnier")
print("=" * 50)
print(f" Server laeuft auf: http://localhost:{PORT}")
if os.path.exists(STOCKFISH_PATH) or STOCKFISH_PATH == "stockfish":
@@ -321,7 +325,7 @@ def main():
socketserver.ThreadingTCPServer.allow_reuse_address = True
with socketserver.ThreadingTCPServer(("", PORT), Handler) as httpd:
print(f"\n[SERVER] Server gestartet: http://localhost:{PORT}\n")
print(f"\n[SERVER] Bereit für Anfragen\n")
try:
httpd.serve_forever()
except KeyboardInterrupt: