indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

More bad strings

main
bashrc 2026-02-05 22:48:07 +00:00
parent 5f1b7df5d0
commit 372753db5c
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
utils.py
View File

@ -3991,7 +3991,8 @@ def check_bad_path(path: str):
bad_strings = ('..', '/.', '%2e%2e', '%252e%252e', bad_strings = ('..', '/.', '%2e%2e', '%252e%252e',
'/sftp.', '/sftp-', '/statistics', '/sftp.', '/sftp-', '/statistics',
'/config/', 'settings.', 'credentials') '/config/', 'settings.', 'credentials',
'/packs/', '/backend/', '/apis/')
# allow /.well-known/... # allow /.well-known/...
if '/.' in path_lower: if '/.' in path_lower: