indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

More bad strings

main
bashrc 2026-02-05 22:51:51 +00:00
parent 372753db5c
commit fd8ce18814
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
utils.py
View File

@ -3992,7 +3992,8 @@ def check_bad_path(path: str):
bad_strings = ('..', '/.', '%2e%2e', '%252e%252e', bad_strings = ('..', '/.', '%2e%2e', '%252e%252e',
'/sftp.', '/sftp-', '/statistics', '/sftp.', '/sftp-', '/statistics',
'/config/', 'settings.', 'credentials', '/config/', 'settings.', 'credentials',
'/packs/', '/backend/', '/apis/') '/packs/', '/backend/', '/apis/',
'/laravel/', '/js/')
# allow /.well-known/... # allow /.well-known/...
if '/.' in path_lower: if '/.' in path_lower:
@ -4005,6 +4006,7 @@ def check_bad_path(path: str):
return True return True
if path_lower.endswith('.js') or \ if path_lower.endswith('.js') or \
path_lower.endswith('.py') or \
path_lower.endswith('.php') or \ path_lower.endswith('.php') or \
path_lower.endswith('.bak') or \ path_lower.endswith('.bak') or \
path_lower.endswith('.env') or \ path_lower.endswith('.env') or \