API: Add short url validation (#38436)

* Add short url validation
Path should not contain string ../

* Update pkg/api/short_url.go

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
idafurjes 2021-08-26 09:07:27 +02:00 committed by GitHub
parent 0b945f3db4
commit 7faea40674
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -23,6 +23,10 @@ func (hs *HTTPServer) createShortURL(c *models.ReqContext, cmd dtos.CreateShortU
hs.log.Error("Invalid short URL path", "path", cmd.Path)
return response.Error(400, "Path should be relative", nil)
}
if strings.Contains(cmd.Path, "../") {
hs.log.Error("Invalid short URL path", "path", cmd.Path)
return response.Error(400, "Invalid path", nil)
}
shortURL, err := hs.ShortURLService.CreateShortURL(c.Req.Context(), c.SignedInUser, cmd.Path)
if err != nil {
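Review bot: The added guard `strings.Contains(cmd.Path, "../")` matches only one literal spelling of a parent-directory segment, so a path ending in a bare `..`, one using a backslash separator, or one carrying the segment percent-encoded would still reach `CreateShortURL`. Whether those forms matter depends on how the stored path is later decoded and redirected, which is not visible in this hunk. A segment-wise check is tighter, for example rejecting the request when any element of `strings.Split(cmd.Path, "/")` equals `".."`, applied after whatever decoding the redirect side performs. The hunk carries no test; table-driven cases for the accepted and rejected forms would pin the intended contract. `createShortURL` begins before and continues after the lines shown here.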