johanels/photoprism
1
0
Fork 0
mirror of https://github.com/photoprism/photoprism.git synced 2025-12-12 00:34:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Log4j: Sanitize user input in logs like filenames and album titles #1814

Browse Source
This commit is contained in:
Michael Mayer
2021-12-14 17:07:38 +01:00
parent ccfa99543d
commit 9a8144c046
101 changed files with 449 additions and 361 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/api/download.go
View File

@@ -56,7 +56,7 @@ func GetDownload(router *gin.RouterGroup) {
fileName := photoprism.FileName(f.FileRoot, f.FileName)
if !fs.FileExists(fileName) {
log.Errorf("download: file %s is missing", txt.Quote(f.FileName))
log.Errorf("download: file %s is missing", txt.LogParam(f.FileName))
c.Data(404, "image/svg+xml", brokenIconSvg)
// Set missing flag so that the file doesn't show up in search results anymore.