Karl/homepage
1
0
Fork 0
mirror of https://github.com/karl0ss/homepage.git synced 2025-04-29 12:03:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

More path traversal fixes

Browse Source
This commit is contained in:
shamoon 2024-06-03 07:03:30 -07:00
parent 8a4c808ee2
commit c96e6703d3
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/pages/api/services/proxy.js
View File

@ -47,7 +47,7 @@ export default async function handler(req, res) {
if (!mapping.segments.includes(key)) { if (!mapping.segments.includes(key)) {
logger.debug("Unsupported segment: %s", key); logger.debug("Unsupported segment: %s", key);
return res.status(403).json({ error: "Unsupported segment" }); return res.status(403).json({ error: "Unsupported segment" });
} else if (segments[key].includes("/")) { } else if (segments[key].includes("/") || segments[key].includes("\\") || segments[key].includes("..")) {
logger.debug("Unsupported segment value: %s", segments[key]); logger.debug("Unsupported segment value: %s", segments[key]);
return res.status(403).json({ error: "Unsupported segment value" }); return res.status(403).json({ error: "Unsupported segment value" });
} }