HCha/alist
1
0
Fork 0
mirror of https://github.com/HChaZZY/alist.git synced 2025-12-06 11:03:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: reflected XSS vulnerability plist api

Browse Source
This commit is contained in:
Andy Hsu
2023-11-24 16:46:48 +08:00
parent 34746e951c
commit 6100647310
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/handles/helper.go
View File

@@ -45,6 +45,8 @@ func Plist(c *gin.Context) {
} }
fullName := c.Param("name") fullName := c.Param("name")
Url := link.String() Url := link.String()
Url = strings.ReplaceAll(Url, "<", "[")
Url = strings.ReplaceAll(Url, ">", "]")
nameEncode := linkNameSplit[1] nameEncode := linkNameSplit[1]
fullName, err = url.PathUnescape(nameEncode) fullName, err = url.PathUnescape(nameEncode)
if err != nil { if err != nil {