@@ -58,6 +58,14 @@ module.exports = (crowi) => {
socketIoService.getAdminSocket().emit('admin:onTerminateForExport', data);
});
+ const validator = {
+ deleteFile: [
+ // https://regex101.com/r/mD4eZs/3
+ // prevent from unexpecting attack doing delete file (path traversal attack)
+ param('fileName').not().matches(/(\.\.\/|\.\.\\)/g),
+ ],
+ };
+
/**
* @swagger
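Review bot: The `g` flag on the pattern in `param('fileName').not().matches(...)` is not needed for a yes/no check, and it makes the shared regex literal stateful through `lastIndex` if the validator library evaluates it with `test()` or `exec()`, so successive requests could get different answers; `param('fileName').not().matches(/(\.\.\/|\.\.\\)/),` avoids that. This is also a deny-list of only two traversal sequences, so the delete handler should still resolve the final path and confirm it stays inside the export directory, or the validator should allow-list the expected file-name shape. The hunk only defines `validator.deleteFile`; the route that applies it and checks the validation result lies outside the hunk, so confirm that a failed validation rejects the request before any file operation runs.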