agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-05-24 01:29:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

[clsi-cache] fix path traversal (#25585)

Browse Source 
* [clsi-cache] fix path traversal

* [clsi-cache] double down on path traversal validation

Co-authored-by: Brian Gough <brian.gough@overleaf.com>

---------

Co-authored-by: Brian Gough <brian.gough@overleaf.com>
GitOrigin-RevId: 28a6a2024aae81e9b361db7918dc0c5381cd8246
This commit is contained in:
Jakob Ackermann
2025-05-13 13:55:31 +01:00
committed by Copybot
parent e25a69936e
commit eebda2427e
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
services/web/app/src/Features/Compile/ClsiCacheHandler.js
View File

@@ -9,7 +9,15 @@ const Settings = require('@overleaf/settings')
const OError = require('@overleaf/o-error')
const { NotFoundError, InvalidNameError } = require('../Errors/Errors')
/**
* Keep in sync with validateFilename in services/clsi-cache/app/js/utils.js
*
* @param {string} filename
*/
function validateFilename(filename) {
if (filename.split('/').includes('..')) {
throw new InvalidNameError('path traversal')
}
if (
!(
[