
fix: prevent upload bypass via uppercase path

pull/4985/head 2.5.274
Nicolas Giard 3 years ago
committed by GitHub
parent
commit
7b14b39de0
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
  1. 2
      server/helpers/security.js

2
server/helpers/security.js

@ -32,7 +32,7 @@ module.exports = {
token = req.cookies['jwt']
}
// Force uploads to use Auth headers
if (req.path === '/u') {
if (req.path.toLowerCase() === '/u') {
return null
}
return token
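Review bot: The exact-match test in `if (req.path.toLowerCase() === '/u') {` covers letter case but not the other normalizations a router may apply. If this app runs on Express with default settings (strict routing off), `/u/` is served by the same route as `/u`, and such a request would still get the cookie token back instead of `null`. Consider stripping trailing slashes before comparing, e.g. `const uploadPath = req.path.toLowerCase().replace(/\/+$/, '')` then `if (uploadPath === '/u') {`, or enforce the header-only rule inside the upload route itself so the check cannot drift from the router's matching. The comment above the check could also state why cookie tokens are refused for uploads (presumably to stop cross-site requests from uploading with ambient credentials; confirm). The enclosing function starts and ends outside this hunk, so the header-token branch is not visible here.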
