From b2d730a9d72ed40ed1e870dad95b3de8c2df5f39 Mon Sep 17 00:00:00 2001
From: Heitor Polidoro
Date: Tue, 16 Jan 2024 16:11:06 -0300
Subject: [PATCH] security 2
---
 app.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app.py b/app.py
index ecc81fe..a3be610 100644
--- a/app.py
+++ b/app.py
@@ -59,10 +59,10 @@ def index():
 @app.route("/", methods=["GET"])
 def file(filename):
 """Convert a md file into HTML and return it"""
- allowed_files = ["README.md", "pull-request.md"]
+ allowed_files = {f: f for f in ["README.md", "pull-request.md"]}
 if filename not in allowed_files:
 abort(404)
- with open(filename) as f:
+ with open(allowed_files[filename]) as f:
 md = f.read()
 body = markdown.markdown(md)
 title = "Bartholomew Smith"
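Review bot: The identity mapping on the new `allowed_files` line reads as redundant without a comment, and nothing in `file()` says that `open()` must take the allowlist's own string rather than the request-supplied `filename`; a later cleanup could revert it to `open(filename)` unnoticed. I would add `# open() only ever receives a constant from this allowlist, never the request-supplied filename` above the assignment. The mapping is also rebuilt on every request, so a module-level constant such as `ALLOWED_FILES = {"README.md": "README.md", "pull-request.md": "pull-request.md"}` would state the intent once. Both names are opened relative to the process working directory, which is worth confirming matches where the app is started; the body of `file()` continues past the end of the hunk.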