about summary refs log tree commit diff
path: root/scripts/chat.tmux.conf
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2022-04-20 18:29:28 -0400
committerJune McEnroe <june@causal.agency>2022-04-20 18:29:28 -0400
commit1b8be724bc5f3cc18da770e01174719ec4890791 (patch)
tree79cbb0ba57f3bf265c587089aca902f786e73639 /scripts/chat.tmux.conf
parentAdd screenshot to README (diff)
downloadcatgirl-1b8be724bc5f3cc18da770e01174719ec4890791.tar.gz
catgirl-1b8be724bc5f3cc18da770e01174719ec4890791.zip
Sanitize leading dots from log path components
Prevent directory traversal by sanitizing leading dots as well as
slashes from log path components, which can be controlled by the
server. Side effect of preventing hidden dotfiles is a bonus, I
think.

Also check that the full path actually fits in the buffer.

Reported-by: Samanta Navarro <ferivoz@riseup.net>
Diffstat (limited to 'scripts/chat.tmux.conf')
0 files changed, 0 insertions, 0 deletions
 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-02-20 16:11:23 +0000


 


gsubject'>Run tf/cfg link script with /bin/shJune McEnroe


2018-08-18Run {,s,t}up with /bin/shJune McEnroe


2018-08-18Use whence instead of typeJune McEnroe

type is an alias for whence -v and is more for human consumption.



2018-08-18Cut off path components until right prompt fitsJune McEnroe

Keeps paths valid (from somehwere) rather than abrupt truncation.



2018-08-17Add "private" alias to source encrypted fileJune McEnroe

Why is there no easy way to *edit* an encrypted file?



2018-08-17Add vim mapping to add a #includeJune McEnroe