From ac26510f4dc89b480e5275f4a6cca301e353f89d Mon Sep 17 00:00:00 2001 From: Heitor Polidoro Date: Tue, 16 Jan 2024 15:56:46 -0300 Subject: [PATCH] 100% --- app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app.py b/app.py index 262dc97..2e41b57 100644 --- a/app.py +++ b/app.py @@ -59,7 +59,7 @@ def index(): @app.route("/", methods=["GET"]) def file(filename): """Convert a md file into HTML and return it""" - if not filename.endswith(".md"): + if not filename.endswith(".md") or "/" in filename: abort(404) with open(filename) as f: md = f.read()