IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

API: Add short url validation (#38436)

Browse Source 
* Add short url validation
Path should not contain string ../

* Update pkg/api/short_url.go

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
This commit is contained in:
idafurjes
2021-08-26 09:07:27 +02:00
committed by GitHub
parent 0b945f3db4
commit 7faea40674
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/api/short_url.go
View File

@@ -23,6 +23,10 @@ func (hs *HTTPServer) createShortURL(c *models.ReqContext, cmd dtos.CreateShortU
hs.log.Error("Invalid short URL path", "path", cmd.Path) hs.log.Error("Invalid short URL path", "path", cmd.Path)
return response.Error(400, "Path should be relative", nil) return response.Error(400, "Path should be relative", nil)
} }
if strings.Contains(cmd.Path, "../") {
hs.log.Error("Invalid short URL path", "path", cmd.Path)
return response.Error(400, "Invalid path", nil)
}
shortURL, err := hs.ShortURLService.CreateShortURL(c.Req.Context(), c.SignedInUser, cmd.Path) shortURL, err := hs.ShortURLService.CreateShortURL(c.Req.Context(), c.SignedInUser, cmd.Path)
if err != nil { if err != nil {