|
@@ -325,7 +325,7 @@ module.exports = function(crowi, app) {
|
|
|
|
|
|
|
|
api.validators.export.download = function() {
|
|
api.validators.export.download = function() {
|
|
|
const validator = [
|
|
const validator = [
|
|
|
- // https://regex101.com/r/mD4eZs/3
|
|
|
|
|
|
|
+ // https://regex101.com/r/mD4eZs/4
|
|
|
// prevent from pass traversal attack
|
|
// prevent from pass traversal attack
|
|
|
param('fileName').not().matches(/(\.\.\/|\.\.\\)/),
|
|
param('fileName').not().matches(/(\.\.\/|\.\.\\)/),
|
|
|
];
|
|
];
|
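Review bot: The validator on the `param('fileName')` line is a deny-list that rejects only values containing `../` or `..\`, so a bare `..` or an absolute path would pass it. Whether that matters depends on how the download handler builds the file path, which is outside this hunk, as is the rest of `api.validators.export.download`. I would say so in the comment, e.g. `// rejects "../" and "..\" only; the handler must still confirm the resolved path stays inside the export directory`, and correct `pass traversal` to `path traversal`. The updated regex101 link is the only record of which inputs the pattern was tested against, and it lives on an external page; a small unit test listing accepted and rejected file names would keep that evidence in the repository.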