summary refs log tree commit diff
path: root/scripts/Makefile
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2022-04-20 18:29:28 -0400
committerJune McEnroe <june@causal.agency>2022-04-20 18:29:28 -0400
commit1b8be724bc5f3cc18da770e01174719ec4890791 (patch)
tree79cbb0ba57f3bf265c587089aca902f786e73639 /scripts/Makefile
parentAdd screenshot to README (diff)
downloadcatgirl-1b8be724bc5f3cc18da770e01174719ec4890791.tar.gz
catgirl-1b8be724bc5f3cc18da770e01174719ec4890791.zip
Sanitize leading dots from log path components
Prevent directory traversal by sanitizing leading dots as well as
slashes from log path components, which can be controlled by the
server. Side effect of preventing hidden dotfiles is a bonus, I
think.

Also check that the full path actually fits in the buffer.

Reported-by: Samanta Navarro <ferivoz@riseup.net>
Diffstat (limited to 'scripts/Makefile')
0 files changed, 0 insertions, 0 deletions
 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-06-09 03:14:01 +0000


 


>June McEnroe
2020-02-12Move catgirl up the pageJune McEnroe
2020-02-12Update catgirl pty grabJune McEnroe
2020-02-12Link to cgit /about pages where appropriateJune McEnroe
2020-02-11Separate LINKS from BINS for html to workJune McEnroe
2020-02-11Add margin to Bl-bullet itemsJune McEnroe
2020-02-10Match URLs inside parens or with paired parens insideJune McEnroe
2020-02-10Duplicate effective URL before passing it back to curlJune McEnroe
2020-02-09Add To Be Taught, If FortunateJune McEnroe
2020-02-04Add The Future of Another TimelineJune McEnroe
2020-01-31Reorganize the Makefile for the umpteenth timeJune McEnroe
2020-01-28Change scout sensitivity to 1.4June McEnroe
2020-01-28Import shows.txtJune McEnroe