clean api url paths from directory traversal (#539)
This commit is contained in:
parent
c4fb4a35ab
commit
ea29f580a5
|
@ -1616,6 +1616,9 @@ export class ApiService implements ApiServiceAbstraction {
|
||||||
headers.set('User-Agent', this.customUserAgent);
|
headers.set('User-Agent', this.customUserAgent);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Clean path from directory traversal
|
||||||
|
path = path.split('../').join('');
|
||||||
|
|
||||||
const requestInit: RequestInit = {
|
const requestInit: RequestInit = {
|
||||||
cache: 'no-store',
|
cache: 'no-store',
|
||||||
credentials: this.getCredentials(),
|
credentials: this.getCredentials(),
|
||||||
|
|
Loading…
Reference in New Issue