liz/wikijs-fork
liz/wikijs-fork
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: prevent upload bypass via uppercase path

Browse Source
This commit is contained in:
Nicolas Giard 2022-01-29 18:45:51 -05:00 committed by GitHub
parent cab16ee844
commit 7b14b39de0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/helpers/security.js
View File

@ -32,7 +32,7 @@ module.exports = {
token = req.cookies['jwt'] token = req.cookies['jwt']
} }
// Force uploads to use Auth headers // Force uploads to use Auth headers
if (req.path === '/u') { if (req.path.toLowerCase() === '/u') {
return null return null
} }
return token return token