diff --git a/ovos_bus_client/apis/gui.py b/ovos_bus_client/apis/gui.py index e9a76f0..48c4c5e 100644 --- a/ovos_bus_client/apis/gui.py +++ b/ovos_bus_client/apis/gui.py @@ -120,13 +120,13 @@ def _cache_gui_files(self): for framework, bpath in self.ui_directories.items(): if framework == "all": # mostly applies to image files - shutil.copytree(bpath, output_path) + shutil.copytree(bpath, output_path, dirs_exist_ok=True) LOG.debug(f"Copied {self.skill_id} shared GUI resources from {bpath} to {output_path}") continue if not os.path.isdir(bpath): LOG.error(f"invalid '{framework}' resources directory: {bpath}") continue - shutil.copytree(bpath, f"{output_path}/{framework}") + shutil.copytree(bpath, f"{output_path}/{framework}", dirs_exist_ok=True) LOG.debug(f"Copied {self.skill_id} GUI resources from {bpath} to {output_path}/{framework}") def set_bus(self, bus=None): @@ -552,11 +552,6 @@ def _resolve_url(self, url: str) -> str: if url.startswith("http"): return url - # Sanitize the url to prevent path traversal - url = os.path.normpath(url) - if url.startswith("..") or url.startswith("/"): - return url - if not os.path.isfile(url): GUI_CACHE_PATH = get_xdg_cache_save_path('ovos_gui') # Use os.path.join for path construction