[security] fix vulnerability when handling remote file redirects

Also adds the ability for an admin to just completely disable this service if it is not needed on the node.
Dane Everitt
2021-01-09 17:52:27 -08:00
parent 6701aa6dc1
commit 96256ac63e
5 changed files with 47 additions and 5 deletions


@@ -88,9 +88,9 @@ func Configure() *gin.Engine {
files.POST("/decompress", postServerDecompressFiles)
files.POST("/chmod", postServerChmodFile)
files.GET("/pull", getServerPullingFiles)
files.POST("/pull", postServerPullRemoteFile)
files.DELETE("/pull/:download", deleteServerPullRemoteFile)
files.GET("/pull", m.CheckRemoteDownloadEnabled(), getServerPullingFiles)
files.POST("/pull", m.CheckRemoteDownloadEnabled(), postServerPullRemoteFile)
files.DELETE("/pull/:download", m.CheckRemoteDownloadEnabled(), deleteServerPullRemoteFile)
}
backup := server.Group("/backup")
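Review bot: The remote-download gate is attached to each of the three `/pull` routes individually, so a route added under `/pull` later is only covered if its author remembers to repeat `m.CheckRemoteDownloadEnabled()`. Binding the check to a sub-group would make it structural: `pull := files.Group("/pull", m.CheckRemoteDownloadEnabled())`, with the three handlers then registered on `pull` at `""` and `"/:download"`. A short comment above the routes, for example `// Remote downloads can be disabled by the node admin; every /pull route must pass this check.`, would record why the middleware is there. Configure starts and ends outside this hunk, and the redirect handling named in the commit title is not in these lines, so neither is assessed here.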