Craftadoc/clsi
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[misc] RequestParser: restrict imageName to an allow list and add tests

Browse Source
This commit is contained in:
Jakob Ackermann
2020-06-26 12:29:49 +01:00
parent c30e6a9d4f
commit 5ed09d1a98
5 changed files with 124 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/js/RequestParser.js
View File

@@ -61,7 +61,7 @@ module.exports = RequestParser = {
response.imageName = this._parseAttribute(
'imageName',
compile.options.imageName,
{ type: 'string' }
{ type: 'string', validValues: settings.allowedImageNamesFlat }
)
response.draft = this._parseAttribute('draft', compile.options.draft, {
default: false,