Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-10 23:36:14 -05:00
Code Issues Activity

Added input sanitization for backup path

Browse source 
- We need to limit the allowed filename accepted by the method to avoid opening up path traversal attack
This commit is contained in:
Nazar Gargol 2019-12-17 15:08:04 +07:00 committed by Daniel Lockyer
parent d5c61c7eea
commit 70cf2b2c86
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
core/server/data/db/backup.js
View file

@ -18,8 +18,9 @@ writeExportFile = function writeExportFile(exportResult) {
};
const readBackup = async (filename) => {
// TODO: prevent from directory traversal - need to sanitize the filename probably on validation layer
var backupPath = path.resolve(urlUtils.urlJoin(config.get('paths').contentPath, 'data', filename));
const parsedFileName = path.parse(filename);
const sanitized = `${parsedFileName.name}${parsedFileName.ext}`;
const backupPath = path.resolve(urlUtils.urlJoin(config.get('paths').contentPath, 'data', sanitized));
const exists = await fs.pathExists(backupPath);