indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Handle invalid well-known path

main
Bob Mottram 2024-08-05 13:22:30 +01:00
parent 60e5a1d5ba
commit 825f8e2f1b
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
utils.py
View File

@ -5535,9 +5535,10 @@ def check_bad_path(path: str):
bad_strings = ('..', '/.', '%2e%2e', '%252e%252e') bad_strings = ('..', '/.', '%2e%2e', '%252e%252e')
# allow /.well-known/... # allow /.well-known/...
if '/.' in path_lower and \ if '/.' in path_lower:
path_lower.startswith('/.well-known/'): if path_lower.startswith('/.well-known/') or \
bad_strings = ('..', '%2e%2e', '%252e%252e') path_lower.startswith('/users/.well-known/'):
bad_strings = ('..', '%2e%2e', '%252e%252e')
if string_contains(path_lower, bad_strings): if string_contains(path_lower, bad_strings):
print('WARN: bad path ' + path) print('WARN: bad path ' + path)