|
@@ -62,9 +62,9 @@ module.exports = (crowi) => {
|
|
|
|
|
|
|
|
const validator = {
|
|
const validator = {
|
|
|
deleteFile: [
|
|
deleteFile: [
|
|
|
- // https://regex101.com/r/mD4eZs/3
|
|
|
|
|
|
|
+ // https://regex101.com/r/mD4eZs/4
|
|
|
// prevent from unexpecting attack doing delete file (path traversal attack)
|
|
// prevent from unexpecting attack doing delete file (path traversal attack)
|
|
|
- param('fileName').not().matches(/(\.\.\/|\.\.\\)/g),
|
|
|
|
|
|
|
+ param('fileName').not().matches(/(\.\.\/|\.\.\\)/),
|
|
|
],
|
|
],
|
|
|
};
|
|
};
|
|
|
|
|
|
zamis