tildeverse
/
tilde.chat
4
1
Fork 25
Code Issues Pull Requests 1 Releases Wiki Activity

validate page parameter to be a local filename #58

Merged
khuxkm merged 1 commits from alexlehm/tilde.chat:validate-page-param into master 2023-01-27 05:13:19 +00:00
Conversation 1 Commits 1 Files Changed 1 +13 -3
alexlehm commented 2023-01-26 18:41:58 +00:00
Contributor
Copy Link

the page parameter is taken directly as a filename, this would work to leave the local directory by doing page=../README for example. I added validation for the string.

This is not a security issue I think, but it is still better to validate.

the page parameter is taken directly as a filename, this would work to leave the local directory by doing page=../README for example. I added validation for the string. This is not a security issue I think, but it is still better to validate.
alexlehm added 1 commit 2023-01-26 18:41:59 +00:00
continuous-integration/drone/pr Build encountered an error Details
c2ec0439df validate page parameter to be a local filename
khuxkm merged commit bbfaf5b97a into master 2023-01-27 05:13:19 +00:00
khuxkm commented 2023-01-27 05:13:29 +00:00
Owner
Copy Link

thanks for the fix!

thanks for the fix!
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: tildeverse/tilde.chat#58
No description provided.
Delete Branch "alexlehm/tilde.chat:validate-page-param"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?