Also reject null byte
parent
98cd4333a1
commit
1e6eed42bd
|
@ -348,7 +348,7 @@ func (strict *StrictOptions) enforce(r *http.Request) error {
|
||||||
|
|
||||||
// Reject paths with // or ..
|
// Reject paths with // or ..
|
||||||
if strict == nil || !strict.LenientPaths {
|
if strict == nil || !strict.LenientPaths {
|
||||||
if strings.Contains(r.URL.Path, "//") || strings.Contains(r.URL.Path, "..") {
|
if strings.Contains(r.URL.Path, "//") || strings.Contains(r.URL.Path, "..") || strings.Contains(r.URL.Path, "\x00") {
|
||||||
return Error(http.StatusBadRequest, fmt.Errorf("invalid request path: %s", r.URL.RawPath))
|
return Error(http.StatusBadRequest, fmt.Errorf("invalid request path: %s", r.URL.RawPath))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
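Review bot: The error returned on the line after the changed condition formats `r.URL.RawPath`, which net/url leaves empty whenever the path arrived in its default encoding, so a request rejected for `%00` (and likewise for `//` or `..`) will usually yield "invalid request path: " with nothing after it. Someone triaging these 400s then has no path to look at. `r.URL.EscapedPath()` always returns the encoded form and keeps the raw NUL byte out of the message: `return Error(http.StatusBadRequest, fmt.Errorf("invalid request path: %s", r.URL.EscapedPath()))`. The comment above the check is also stale now and could read `// Reject paths with //, .. or a NUL byte`. The body of enforce starts and ends outside the hunk.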