deblan-mirror/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2026-03-14 22:35:52 +01:00
Code Issues Projects Releases Packages Wiki Activity
sftpgo/internal/common
History
Exact
Nicola Murino 2f092d1289
 fix: prevent path traversal via edge-level path normalization 
Moved path sanitization (backslash conversion and path cleaning) to
the SFTP/FTP handlers before VFS routing and permission checks.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2026-03-07 12:03:59 +01:00
..
actions.go remove some unnecessary string conversions 2025-01-04 11:58:37 +01:00
actions_test.go EventManager: add datetime placeholder 2024-10-08 18:39:00 +02:00
clientsmap.go remove end year from Copyright notice in files 2024-01-01 11:31:45 +01:00
clientsmap_test.go remove end year from Copyright notice in files 2024-01-01 11:31:45 +01:00
common.go reply to stat calls also for ongoing transfers on atomic storage backends 2026-02-16 17:54:10 +01:00
common_test.go Fix/ftp active connection closed (#2164) 2026-01-27 18:48:59 +01:00
connection.go reply to stat calls also for ongoing transfers on atomic storage backends 2026-02-16 17:54:10 +01:00
connection_test.go fix: prevent path traversal via edge-level path normalization 2026-03-07 12:03:59 +01:00
dataretention.go Remove legacy data retention API 2025-07-12 22:20:54 +02:00
dataretention_test.go Remove legacy data retention API 2025-07-12 22:20:54 +02:00
defender.go defender: allow to impose a delay between login attempts 2024-05-18 10:35:54 +02:00
defender_test.go nt: fix unused write warnings 2024-07-03 20:42:51 +02:00
defenderdb.go upgrade golangci-lint to v2 2025-03-29 11:36:19 +01:00
defenderdb_test.go remove end year from Copyright notice in files 2024-01-01 11:31:45 +01:00
defendermem.go upgrade golangci-lint to v2 2025-03-29 11:36:19 +01:00
eventmanager.go EventManager: avoid copying user struct when updating parameters 2025-06-10 20:04:59 +02:00
eventmanager_test.go EventManager: escape email body when content type is text/html 2025-04-24 19:01:17 +02:00
eventscheduler.go EventManager: allow to configure the timezone to use for the scheduler 2024-06-30 18:52:59 +02:00
httpauth.go remove end year from Copyright notice in files 2024-01-01 11:31:45 +01:00
httpauth_test.go remove end year from Copyright notice in files 2024-01-01 11:31:45 +01:00
protocol_test.go fix: prevent path traversal via edge-level path normalization 2026-03-07 12:03:59 +01:00
ratelimiter.go replace utils.Contains with slices.Contains 2024-07-24 18:27:13 +02:00
ratelimiter_test.go remove end year from Copyright notice in files 2024-01-01 11:31:45 +01:00
tlsutils.go replace utils.Contains with slices.Contains 2024-07-24 18:27:13 +02:00
tlsutils_test.go Merge branch 'main' of github.com:drakkan/sftpgo 2024-01-10 20:01:54 +01:00
transfer.go upgrade golangci-lint to v2 2025-03-29 11:36:19 +01:00
transfer_test.go upload: avoid a stat call if not strictly required 2024-11-30 20:43:19 +01:00
transferschecker.go remove end year from Copyright notice in files 2024-01-01 11:31:45 +01:00
transferschecker_test.go fix connection limits 2024-10-26 21:18:19 +02:00