indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Check for encoded paths

main
bashrc 2026-04-26 14:05:27 +01:00
parent 73a5c0705a
commit f5cb817d40
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
utils.py
View File

@ -4144,6 +4144,11 @@ def check_bad_path(path: str):
"""
path_lower = path.lower()
if '%' in path:
sections = path.split('%')
if len(sections) > 1:
return True
bad_strings = [
'..', '/.', '%2e%2e', '%252e%252e', '/sftp.', '/sftp-', '/statistics',
'/config/', 'settings.', 'credentials', '/packs/', '/backend/',