bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-16 08:13:42 +00:00
Code Issues Releases Wiki Activity

clean api url paths from directory traversal (#539)

Browse Source
This commit is contained in:
Kyle Spearrin
2021-11-09 15:37:58 -05:00
committed by GitHub
parent c4fb4a35ab
commit ea29f580a5
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
common/src/services/api.service.ts
View File

@@ -1616,6 +1616,9 @@ export class ApiService implements ApiServiceAbstraction {
headers.set('User-Agent', this.customUserAgent); headers.set('User-Agent', this.customUserAgent);
} }
// Clean path from directory traversal
path = path.split('../').join('');
const requestInit: RequestInit = { const requestInit: RequestInit = {
cache: 'no-store', cache: 'no-store',
credentials: this.getCredentials(), credentials: this.getCredentials(),