lordtet/www-lordnet-sh
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Directory traversal fix. I don't think it could've led to something

Browse source 
serious, but lets fix it anyway.
This commit is contained in:
lordtet 2026-04-03 22:13:58 -04:00
parent 750f7fa50a
commit 20c8e3a2cb
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/assets/js/blog.js
View file

@ -90,6 +90,7 @@
var type = hash.slice(0, slash); var type = hash.slice(0, slash);
var slug = hash.slice(slash + 1); var slug = hash.slice(slash + 1);
if (!slug || (type !== "blog" && type !== "projects")) return; if (!slug || (type !== "blog" && type !== "projects")) return;
if (!/^[a-z0-9_-]+$/i.test(slug)) return;
var fragUrl = "/fragments/" + type + "/" + slug + "/"; var fragUrl = "/fragments/" + type + "/" + slug + "/";
WM.showAt("win-" + type, fragUrl, "/fragments/" + type + "/", function (c) { WM.showAt("win-" + type, fragUrl, "/fragments/" + type + "/", function (c) {
injectShare(c, fragUrl); injectShare(c, fragUrl);