|
|
@@ -325,7 +325,8 @@ module.exports = function(crowi, app) {
|
|
|
|
|
|
api.validators.export.download = function() {
|
|
|
const validator = [
|
|
|
- // param('fileName').not().contains('../'),
|
|
|
+ // https://regex101.com/r/mD4eZs/3
|
|
|
+ // prevent from pass traversal attack
|
|
|
param('fileName').not().matches(/(\.\.\/|\.\.\\)/, 'mg'),
|
|
|
];
|
|
|
return validator;
|
zamis