ChaoticByte/plaintext-encyclopedia
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow singe dots in page path, fix #1

Browse source
This commit is contained in:
ChaoticByte 2024-08-28 10:25:44 +02:00
parent 97e4cbb158
commit cc536a36b3
No known key found for this signature in database
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
main.go
View file

@ -30,7 +30,7 @@ func handleApplication(w http.ResponseWriter, req *http.Request) {
var err error var err error
entryName := strings.Trim(req.URL.Path, "/") entryName := strings.Trim(req.URL.Path, "/")
if entryName != "" { if entryName != "" {
if strings.Contains(entryName, "/") || strings.Contains(entryName, ".") { if strings.Contains(entryName, "/") || strings.Contains(entryName, "..") {
// path traversal // path traversal
logger.Println("Possible path traversal attempt from", req.RemoteAddr, "to", entryName) logger.Println("Possible path traversal attempt from", req.RemoteAddr, "to", entryName)
w.WriteHeader(http.StatusForbidden) w.WriteHeader(http.StatusForbidden)