Sutty/panel
5
0
Fork 0
mirror of https://0xacab.org/sutty/sutty synced 2025-02-24 11:01:47 +00:00
Code Issues Projects Releases Wiki Activity

fix: solo validar el host de archivo subido si estamos validando hosts #13181
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse source
This commit is contained in:
f 2023-04-20 18:30:10 -03:00
parent 47ffb7ebca
commit 7c6f3ca8b4
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
app/models/metadata_content.rb
View file

@ -56,8 +56,13 @@ class MetadataContent < MetadataTemplate
uri = URI element['src'] uri = URI element['src']
# No permitimos recursos externos # No permitimos recursos externos, solo si sabemos cuales son
raise URI::Error unless Rails.application.config.hosts.include?(uri.hostname) # los recursos locales
if Rails.application.config.hosts.present?
unless Rails.application.config.hosts.include?(uri.hostname)
raise URI::Error
end
end
element['src'] = convert_src_to_internal_path uri element['src'] = convert_src_to_internal_path uri