sami7777/dashcaddy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(routes): complete post-refactor dependency wiring cleanup

Browse Source
This commit is contained in:
Krystie
2026-05-02 20:43:39 -07:00
parent 4eebb3ce7a
commit 0c658a26a8
32 changed files with 495 additions and 396 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dashcaddy-api/input-validator.js
View File

@@ -507,7 +507,7 @@ async function validateSecurePath(requestedPath, allowedRoots, auditLogger = nul
const suspiciousPatterns = [
/\.\./, // ..
/%2e%2e/i, // URL encoded ..
/\.\%2f/i, // .%2F (encoded ./)
/\.%2f/i, // .%2F (encoded ./)
/%2e\./i, // %2E.
/\.\\/, // .\ (Windows)
/%5c/i // URL encoded backslash