apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

API: Add short url validation (#38436)

Browse Source 
* Add short url validation
Path should not contain string ../

* Update pkg/api/short_url.go

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
pull/36282/head
idafurjes 4 years ago committed by GitHub
parent 0b945f3db4
commit 7faea40674
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      pkg/api/short_url.go

4
pkg/api/short_url.go
Unescape View File

@ -23,6 +23,10 @@ func (hs *HTTPServer) createShortURL(c *models.ReqContext, cmd dtos.CreateShortU
hs.log.Error("Invalid short URL path", "path", cmd.Path)
return response.Error(400, "Path should be relative", nil)
}
if strings.Contains(cmd.Path, "../") {
hs.log.Error("Invalid short URL path", "path", cmd.Path)
return response.Error(400, "Invalid path", nil)
}
shortURL, err := hs.ShortURLService.CreateShortURL(c.Req.Context(), c.SignedInUser, cmd.Path)
if err != nil {

Write Preview
Loading…
Cancel
Save