mirror of
https://github.com/qbittorrent/qBittorrent.git
synced 2024-11-29 13:58:51 +03:00
Reject requests that contain backslash in path
PR #18626. Closes #18618.
This commit is contained in:
parent
ff0f3b4975
commit
58a654a70f
1 changed files with 8 additions and 3 deletions
|
@ -173,9 +173,14 @@ WebApplication::~WebApplication()
|
|||
|
||||
void WebApplication::sendWebUIFile()
|
||||
{
|
||||
const QStringList pathItems {request().path.split(u'/', Qt::SkipEmptyParts)};
|
||||
if (pathItems.contains(u".") || pathItems.contains(u".."))
|
||||
throw InternalServerErrorHTTPError();
|
||||
if (request().path.contains(u'\\'))
|
||||
throw BadRequestHTTPError();
|
||||
|
||||
if (const QList<QStringView> pathItems = QStringView(request().path).split(u'/', Qt::SkipEmptyParts)
|
||||
; pathItems.contains(u".") || pathItems.contains(u".."))
|
||||
{
|
||||
throw BadRequestHTTPError();
|
||||
}
|
||||
|
||||
const QString path = (request().path != u"/")
|
||||
? request().path
|
||||
|
|
Loading…
Reference in a new issue