indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Allow well-known

merge-requests/30/head
Bob Mottram 2024-08-03 19:33:04 +01:00
parent 428900c9a0
commit 6e1621ba4d
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
utils.py
View File

@ -5510,13 +5510,13 @@ def check_bad_path(path: str):
"""for http GET or POST check that the path looks valid """for http GET or POST check that the path looks valid
""" """
path_lower = path.lower() path_lower = path.lower()
bad_strings = ('..', '/.', '%2e%2e', '%252e%252e')
# allow /.well-known/... # allow /.well-known/...
if '/.' in path_lower and \ if '/.' in path_lower and \
path_lower.startswith('/.well-known/'): path_lower.startswith('/.well-known/'):
return False bad_strings = ('..', '%2e%2e', '%252e%252e')
bad_strings = ('..', '/.', '%2e%2e', '%252e%252e')
if string_contains(path_lower, bad_strings): if string_contains(path_lower, bad_strings):
print('WARN: bad path ' + path) print('WARN: bad path ' + path)
return True return True