Spaces:
Sleeping
Sleeping
| import gradio as gr | |
| import json | |
| # Sample data with HuggingFace image URLs that redirect to cas-bridge-direct.xethub.hf.co | |
| sample_loras = [ | |
| { | |
| "image": "https://huggingface.co/Norod78/Flux_1_Dev_LoRA_Paper-Cutout-Style/resolve/main/08a19840b6214b76b0607b2f9d5a7e28_63159b9d98124c008efb1d36446a615c.png", | |
| "title": "Paper Cutout", | |
| "repo": "Norod78/Flux_1_Dev_LoRA_Paper-Cutout-Style", | |
| "trigger_word": ", Paper Cutout Style" | |
| } | |
| ] | |
| def add_custom_lora_broken(custom_lora, selected_indices, current_loras, gallery): | |
| """This version breaks because it passes current_loras (containing HF URLs) as function input""" | |
| print("Starting to load a custom LoRA...") # This won't print due to preprocessing error | |
| if custom_lora: | |
| pass | |
| return current_loras, gr.update(), gr.update(), gr.update(), selected_indices | |
| # Initialize state with URLs that will cause SSRF validation issues | |
| loras_state = gr.State(sample_loras) | |
| with gr.Blocks() as demo: | |
| gr.Markdown("# SSRF Validation Bug Reproduction") | |
| selected_indices = gr.State([]) | |
| custom_lora_input = gr.Textbox(label="Custom LoRA", placeholder="Enter custom LoRA") | |
| gallery = gr.Gallery( | |
| [(item["image"], item["title"]) for item in sample_loras], | |
| label="LoRA Gallery", | |
| columns=2 | |
| ) | |
| broken_button = gr.Button("Add Custom LoRA (Broken - passes state with URLs)") | |
| error_display = gr.Textbox(label="Error/Success", interactive=False) | |
| broken_button.click( | |
| add_custom_lora_broken, | |
| inputs=[custom_lora_input, selected_indices, loras_state, gallery], # ← loras_state causes SSRF error | |
| outputs=[loras_state, gallery, error_display, custom_lora_input, selected_indices] | |
| ) | |
| if __name__ == "__main__": | |
| # Set global variable for working version | |
| loras = sample_loras | |
| demo.launch() |