projects / oweals / luci.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ad7dc4a) | patch
luci-base: don't propagate null bytes in path information
authorJo-Philipp Wich <jo@mein.io>
Tue, 10 Apr 2018 09:38:29 +0000 (11:38 +0200)
committerJo-Philipp Wich <jo@mein.io>
Tue, 10 Apr 2018 09:41:32 +0000 (11:41 +0200)
commitb194b8882e4d335a265f44c478ea8e3d7b2a99fc
tree8eae7b304755ddbc9afac70712ecc2467eac59f9tree | snapshot
parentad7dc4a4928e77ae142d0fe040f9e9e64b530e82commit | diff
luci-base: don't propagate null bytes in path information

It is possible to inject unescaped markup using a double encoded null byte
via PATH_INFO on certain leaf nodes.

Since there is no legitimate reason to handle null bytes in any part of the
requested url, simply skip over such bytes when parsing the PATH_INFO value.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
modules/luci-base/luasrc/dispatcher.lua diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.