Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-17 10:15:27 -04:00
Code Issues Packages Projects Releases Wiki Activity
953 Commits 10 Branches 0 Tags
83b0ab7cd326e82c12fac8cd4ce524a8976286e4
Commit Graph

4 Commits

Author SHA1 Message Date
Vykos 83fca6ac62 fix(personal): require document privilege for rag upload (#2990) 2026-06-07 12:56:53 +02:00
Mubashir R 4907b16d9b fix: personal-docs path confinement used abspath, allowing symlink escape (#1728) 
_resolve_allowed_personal_dir confined a user-supplied path to PERSONAL_DIR with
os.path.abspath + os.path.commonpath. abspath normalises `..` but does NOT
resolve symlinks, so a symlink placed inside PERSONAL_DIR pointing outside it
passes the commonpath check and lets index_personal_documents read files outside
the root. Use os.path.realpath for both the base and the candidate so symlinks
are resolved before the confinement check.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-03 13:29:57 +09:00
red person b2e8d692a4 Scope personal RAG uploads by owner (#446) 2026-06-01 22:36:53 +09:00
pewdiepie-archdaemon e5c99a5eee Odysseus v1.0 2026-05-31 23:58:26 +09:00