xinyin025/ChatGPT-Next-Web
1
0
Fork 0
mirror of https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web.git synced 2025-09-17 16:56:37 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge d09801bcab into 995bef73de

Browse Source
This commit is contained in:
MirzaSamadAhmedBaig 2025-08-10 17:10:10 +05:00 committed by GitHub
commit c2163b1609
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
app/api/webdav/[...path]/route.ts
View File

@ -62,7 +62,12 @@ async function handle(
endpoint += "/"; endpoint += "/";
} }
const endpointPath = params.path.join("/"); // Sanitize path components to prevent path traversal attacks
const sanitizedPathComponents = params.path
.filter(component => component && component !== '.' && component !== '..')
.map(component => encodeURIComponent(component));
const endpointPath = sanitizedPathComponents.join("/");
const targetPath = `${endpoint}${endpointPath}`; const targetPath = `${endpoint}${endpointPath}`;
// only allow MKCOL, GET, PUT // only allow MKCOL, GET, PUT