From 8b0a85a14348f0493fadf2638cee231afab506e7 Mon Sep 17 00:00:00 2001 From: Daniel Markstedt Date: Tue, 31 Jan 2023 15:08:38 -0800 Subject: [PATCH] Don't show user controlled string in UI (#1087) --- python/web/src/web.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/web/src/web.py b/python/web/src/web.py index 38f7b6a6..c0b780a5 100644 --- a/python/web/src/web.py +++ b/python/web/src/web.py @@ -998,7 +998,7 @@ def upload_file(): elif destination == "piscsi_config": destination_dir = CFG_DIR else: - return make_response(f"Invalid destination '{destination}'", 403) + return make_response("Invalid destination", 403) return upload_with_dropzonejs(destination_dir)