Check
- I have already read the Docs page
- I have already searched existing issues
Feature Request
When browsing the project code, I found a vulnerability fix for arbitrary file reading:
security check: do not allow ../ in path
After a brief think, I found that this safety check is incomplete, that is to say, I can bypass it here.
On Windows, I can use ..\ to bypass it:
{% include_code ..\..\..\..\..\..\..\..\..\..\..\test.txt %}

The Linux file system does not support backslashes as path separators; theoretically it could be read through ..\/..\/..\/..\/..\/etc/passwd, but I did not verify this successfully on Linux. This operation was only verified successfully in a Windows environment.
So my suggestion is not only to disallow ../ in the path, but also to disallow ..\ in the path, or to change ../ to .. , file