diff --git a/CTFd/admin.py b/CTFd/admin.py index fb54a4e4..6f72410d 100644 --- a/CTFd/admin.py +++ b/CTFd/admin.py @@ -182,6 +182,7 @@ def admin_css(): return "1" return "0" + @admin.route('/admin/pages', defaults={'route': None}, methods=['GET', 'POST']) @admin.route('/admin/pages/', methods=['GET', 'POST']) @admins_only @@ -274,6 +275,8 @@ def delete_container(container_id): @admins_only def new_container(): name = request.form.get('name') + if not name.isalpha(): + return redirect('/admin/containers') buildfile = request.form.get('buildfile') files = request.files.getlist('files[]') create_image(name=name, buildfile=buildfile, files=files) diff --git a/CTFd/utils.py b/CTFd/utils.py index 3f2bcd4c..6ec60d5f 100644 --- a/CTFd/utils.py +++ b/CTFd/utils.py @@ -413,8 +413,9 @@ def create_image(name, buildfile, files): tmpfile.close() for f in files: - filename = os.path.basename(f.filename) - f.save(os.path.join(folder, filename)) + if f.filename.strip(): + filename = os.path.basename(f.filename) + f.save(os.path.join(folder, filename)) # repository name component must match "[a-z0-9](?:-*[a-z0-9])*(?:[._][a-z0-9](?:-*[a-z0-9])*)*" # docker build -f tmpfile.name -t name try: @@ -425,6 +426,7 @@ def create_image(name, buildfile, files): db.session.add(container) db.session.commit() db.session.close() + rmdir(folder) return True except subprocess.CalledProcessError: return False @@ -443,8 +445,11 @@ def run_image(name): try: info = json.loads(subprocess.check_output(['docker', 'inspect', '--type=image', name])) - ports_asked = info[0]['Config']['ExposedPorts'].keys() - ports_asked = [int(re.sub('[A-Za-z/]+', '', port)) for port in ports_asked] + try: + ports_asked = info[0]['Config']['ExposedPorts'].keys() + ports_asked = [int(re.sub('[A-Za-z/]+', '', port)) for port in ports_asked] + except KeyError: + ports_asked = [] cmd = ['docker', 'run', '-d'] for port in ports_asked: