mirror of https://gitlab.com/bashrc2/epicyon
Special treatment for ghost path
parent
84df19e6bf
commit
2f5f10e897
22
utils.py
22
utils.py
|
|
@ -4077,9 +4077,8 @@ def check_bad_path(path: str):
|
||||||
|
|
||||||
# allow /.well-known/...
|
# allow /.well-known/...
|
||||||
if '/.' in path_lower:
|
if '/.' in path_lower:
|
||||||
if path_lower.startswith('/.well-known/') or \
|
good_starts = ('/.well-known/', '/users/.well-known/')
|
||||||
path_lower.startswith('/users/.well-known/') or \
|
if _string_starts_with(path_lower, good_starts):
|
||||||
path_lower.startswith('/.ghost/activitypub/'):
|
|
||||||
bad_strings = ('..', '%2e%2e', '%252e%252e')
|
bad_strings = ('..', '%2e%2e', '%252e%252e')
|
||||||
|
|
||||||
if path_lower.startswith('/wp-'):
|
if path_lower.startswith('/wp-'):
|
||||||
|
|
@ -4092,6 +4091,14 @@ def check_bad_path(path: str):
|
||||||
if string_ends_with(path_lower, bad_endings):
|
if string_ends_with(path_lower, bad_endings):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
if '/.ghost/activitypub/' in path_lower:
|
||||||
|
# remove '/.'
|
||||||
|
bad_strings = ('..', '%2e%2e', '%252e%252e',
|
||||||
|
'/sftp.', '/sftp-', '/statistics',
|
||||||
|
'/config/', 'settings.', 'credentials',
|
||||||
|
'/packs/', '/backend/', '/apis/',
|
||||||
|
'/laravel/', '/js/')
|
||||||
|
|
||||||
if string_contains(path_lower, bad_strings):
|
if string_contains(path_lower, bad_strings):
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
@ -4121,6 +4128,15 @@ def set_premium_account(base_dir: str, nickname: str, domain: str,
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
||||||
|
def _string_starts_with(text: str, possible_begin: []) -> bool:
|
||||||
|
""" Does the given text start with at least one of the beginnings
|
||||||
|
"""
|
||||||
|
for start_str in possible_begin:
|
||||||
|
if text.startswith(start_str):
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
def string_ends_with(text: str, possible_endings: []) -> bool:
|
def string_ends_with(text: str, possible_endings: []) -> bool:
|
||||||
""" Does the given text end with at least one of the endings
|
""" Does the given text end with at least one of the endings
|
||||||
"""
|
"""
|
||||||
|
|
|
||||||
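Review bot: In the second `check_bad_path` hunk, `if '/.ghost/activitypub/' in path_lower:` matches that segment anywhere in the path, whereas the line removed in the first hunk required it as a prefix, so any request that merely contains the segment is checked against the reduced `bad_strings` list, which per the `# remove '/.'` comment no longer rejects hidden-path components elsewhere in the same path. Unless Ghost paths below the root are intended, anchor the test: `if path_lower.startswith('/.ghost/activitypub/'):`. The override tuple also looks like a hand copy of the default list, which is defined outside these hunks (the function starts before the first hunk), so the two can drift apart; deriving it with something like `bad_strings = tuple(s for s in bad_strings if s != '/.')` would keep a single source of truth, assuming the default does contain `'/.'`. Separately, `_string_starts_with` duplicates what `path_lower.startswith(good_starts)` already does with a tuple, and its `possible_begin: []` annotation is a list literal rather than a type.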