Mirrors/kararas_iris
1
0
Fork 0
mirror of https://github.com/kataras/iris.git synced 2026-05-13 01:23:47 +00:00
Code Releases Activity

:)

Browse Source
This commit is contained in:
Gerasimos (Makis) Maropoulos
2021-01-09 05:41:20 +02:00
parent 72c2dafd2e
commit 8aedf6bc32
36 changed files with 99 additions and 130 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
context/context.go
View File

@@ -1979,8 +1979,8 @@ func (ctx *Context) UploadFormFiles(destDirectory string, before ...func(*Contex
// which could lead to override existing system files
// by ../../$file.
// Reported by Frank through security reports.
file.Filename = strings.TrimLeft(file.Filename, "../")
file.Filename = strings.TrimLeft(file.Filename, "..\\")
file.Filename = strings.ReplaceAll(file.Filename, "../", "")
file.Filename = strings.ReplaceAll(file.Filename, "..\\", "")
for _, b := range before {
if !b(ctx, file) {
@@ -2859,10 +2859,8 @@ func (ctx *Context) CompressReader(enable bool) error {
return err
}
ctx.request.Body = r
} else {
if ok {
ctx.request.Body = cr.Src
}
} else if ok {
ctx.request.Body = cr.Src
}
return nil
@@ -3208,9 +3206,9 @@ func WriteJSON(writer io.Writer, v interface{}, options JSON, optimize bool) (in
}
if options.UnescapeHTML {
result = bytes.Replace(result, ltHex, lt, -1)
result = bytes.Replace(result, gtHex, gt, -1)
result = bytes.Replace(result, andHex, and, -1)
result = bytes.ReplaceAll(result, ltHex, lt)
result = bytes.ReplaceAll(result, gtHex, gt)
result = bytes.ReplaceAll(result, andHex, and)
}
if prependSecure {