whitebophir/server
Ingo Blechschmidt 8d71613e6b
Be more vigilant in validating file names (#36)
The behavior of `Date.parse` is implementation-dependent and hence
cannot be relied on for security purposes. In particular, the
implementation in Node.js does accept strings such as
`../../../etc/foobar-0` as valid (thanks to the trailing digit).

The failure to properly validate the filename is not exploitable, as
slashes will never be contained in `parts[2]` thanks to the foregoing
`split`, but it is probably still better to have a proper validation in
place.
2020-04-22 23:23:37 +02:00
boardData.js Make the application more configurable 2020-04-22 12:53:40 +02:00
configuration.js Make the application more configurable 2020-04-22 12:53:40 +02:00
createSVG.js Make the application more configurable 2020-04-22 12:53:40 +02:00
log.js Improve logging messages 2019-03-21 18:53:54 +01:00
server.js Be more vigilant in validating file names (#36) 2020-04-22 23:23:37 +02:00
sockets.js server: use async functions instead of callbacks 2020-04-12 14:57:41 +02:00
templating.js Improved i18n system 2020-04-22 10:14:12 +02:00
translations.json Improved i18n system 2020-04-22 10:14:12 +02:00