indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Avoid duplication

main
bashrc 2026-04-21 15:45:27 +01:00
parent 19f84344a9
commit c482804b97
1 changed files with 6 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
utils.py
View File

@ -4122,11 +4122,11 @@ def check_bad_path(path: str):
""" """
path_lower = path.lower() path_lower = path.lower()
bad_strings = ('..', '/.', '%2e%2e', '%252e%252e', bad_strings = [
'/sftp.', '/sftp-', '/statistics', '..', '/.', '%2e%2e', '%252e%252e', '/sftp.', '/sftp-', '/statistics',
'/config/', 'settings.', 'credentials', '/config/', 'settings.', 'credentials', '/packs/', '/backend/',
'/packs/', '/backend/', '/apis/', '/apis/', '/laravel/', '/js/', '/root/'
'/laravel/', '/js/', '/root/') ]
# allow /.well-known/... # allow /.well-known/...
if '/.' in path_lower: if '/.' in path_lower:
@ -4145,12 +4145,7 @@ def check_bad_path(path: str):
return True return True
if '/.ghost/activitypub/' in path_lower: if '/.ghost/activitypub/' in path_lower:
# remove '/.' bad_strings.remove('/.')
bad_strings = ('..', '%2e%2e', '%252e%252e',
'/sftp.', '/sftp-', '/statistics',
'/config/', 'settings.', 'credentials',
'/packs/', '/backend/', '/apis/',
'/laravel/', '/js/', '/root/')
if string_contains(path_lower, bad_strings): if string_contains(path_lower, bad_strings):
return True return True