mirror of
https://github.com/caddyserver/caddy.git
synced 2024-11-22 01:35:26 +08:00
Also reject null byte
parent
98cd4333a1
commit
1e6eed42bd
|
@ -348,7 +348,7 @@ func (strict *StrictOptions) enforce(r *http.Request) error {
|
|||
|
||||
// Reject paths with // or ..
|
||||
if strict == nil || !strict.LenientPaths {
|
||||
if strings.Contains(r.URL.Path, "//") || strings.Contains(r.URL.Path, "..") {
|
||||
if strings.Contains(r.URL.Path, "//") || strings.Contains(r.URL.Path, "..") || strings.Contains(r.URL.Path, "\x00") {
|
||||
return Error(http.StatusBadRequest, fmt.Errorf("invalid request path: %s", r.URL.RawPath))
|
||||
}
|
||||
}
|
||||
|
|
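Review bot: The rejection on the `return Error(...)` line reports `r.URL.RawPath`, but net/url only fills RawPath when the escaped form differs from the default encoding of Path, so for a request carrying `%00` (and for a plain `//` or `..`) the message will most likely end in an empty string and the log loses the offending path. Formatting the escaped path with quoting keeps the record useful for whoever triages the 400s: `return Error(http.StatusBadRequest, fmt.Errorf("invalid request path: %q", r.URL.EscapedPath()))`. The comment above the check is now stale and should name the new condition, e.g. `// Reject paths with //, .. or a NUL byte`. Only NUL is covered by the added clause; whether other percent-decoded control bytes in `r.URL.Path` are handled elsewhere is not visible here, since `enforce` starts and ends outside the hunk.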