Skip to content
Snippets Groups Projects
Commit 3bd79c7c authored by Dinis Rosário's avatar Dinis Rosário Committed by Marko Mikulicic
Browse files

Fix remove_double_dots_and_double_slashes removing all the dots leading http... 

Fix remove_double_dots_and_double_slashes removing all the dots leading http server to serve wrong URI

If the uri is something like '/js/...jquery.js', remove_double_dots_and_double_slashes will remove the 3 dots and the http server will serves the /js/jquery.js file.
remove_double_dots_and_double_slashes should check if a dot or double dots is followed by a slash (or backslash) and only remove this to avoid disclosure attack.
parent c52e0744
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment