API: Improve path and filename parameter sanitation #1814

Michael Mayer
2021-12-14 20:01:39 +01:00
parent cce371d35a
commit 0f0c0aaa0b
100 changed files with 683 additions and 452 deletions


@@ -12,7 +12,6 @@ import (
"github.com/photoprism/photoprism/pkg/fs"
"github.com/photoprism/photoprism/pkg/sanitize"
"github.com/photoprism/photoprism/pkg/txt"
)
// TODO: GET /api/v1/dl/file/:hash
@@ -56,7 +55,7 @@ func GetDownload(router *gin.RouterGroup) {
fileName := photoprism.FileName(f.FileRoot, f.FileName)
if !fs.FileExists(fileName) {
log.Errorf("download: file %s is missing", txt.LogParam(f.FileName))
log.Errorf("download: file %s is missing", sanitize.Log(f.FileName))
c.Data(404, "image/svg+xml", brokenIconSvg)
// Set missing flag so that the file doesn't show up in search results anymore.
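Review bot: The missing-file branch lacks a comment saying that `sanitize.Log(f.FileName)` cleans only the text written to the log, while the existence check above it uses `fileName` built from `f.FileRoot` and `f.FileName` as stored. I would add `// sanitize.Log is for log output only; fileName is the path actually checked.` above the `log.Errorf` call so the two are not confused later. Where `f` is loaded is outside the hunk, so it is not visible here whether its name fields can carry request-controlled text; that is worth confirming against the lookup. GetDownload's body starts and ends outside the hunk.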