Commit Graph

2 Commits

Author SHA1 Message Date
Konrad Wojas
83e78c6cd7 Allow numbers in htpasswd usernames 2021-01-05 00:08:26 +08:00
Juergen Hoetzel
33c41b55bb Security: Prevent loading of usernames containing a slash
"/" is a valid char in HTTP authorization headers, but is also used in
rest-server to map usernames to private repos.

This commit prevents loading maliciously composed usernames like
"/foo/config" by restricting the allowed characters to the Unicode
character class, numbers, "-", "." and "@".

Closes #131
2020-12-28 11:30:00 +01:00
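
The username check that the two commit messages above describe, as an added Go example that is not rest-server's own code. The allowlist regex is reconstructed from the wording of the messages; `repoRoot`, the directory layout, the function names and the sample entries are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

// Assumed allowlist built from the two commit messages: Unicode letters,
// digits, "-", "." and "@". Not copied from rest-server.
var validUsername = regexp.MustCompile(`^[\p{L}\d@.-]+$`)
const repoRoot = "/srv/restic" // hypothetical data directory

// ValidUsername applies the allowlist. Rejecting "." and ".." is this example's
// own extra check: both pass the character class but are not plain directory names.
func ValidUsername(name string) bool {
	return validUsername.MatchString(name) && name != "." && name != ".."
}

// PrivateRepoPath maps a username to its private repo directory (assumed layout).
func PrivateRepoPath(name string) (string, error) {
	if !ValidUsername(name) {
		return "", fmt.Errorf("invalid username %q", name)
	}
	return path.Join(repoRoot, name), nil
}

// LoadUsers reads htpasswd-style "user:hash" lines, keeps entries with a valid
// username and returns the names it refused to load (malformed lines included).
func LoadUsers(lines []string) (users map[string]string, rejected []string) {
	users = make(map[string]string)
	for _, line := range lines {
		parts := strings.SplitN(strings.TrimSpace(line), ":", 2)
		if len(parts) != 2 || !ValidUsername(parts[0]) {
			rejected = append(rejected, parts[0])
			continue
		}
		users[parts[0]] = parts[1]
	}
	return users, rejected
}

func main() {
	// Constructed sample entries; "HASH" is a placeholder, not a real hash.
	users, rejected := LoadUsers([]string{"alice:HASH", "user42:HASH",
		"j\u00f6rg@example.org:HASH", "/foo/config:HASH", "..:HASH"})
	fmt.Println(len(users), rejected)
}
```

Validating at load time, before any username is joined onto a path, means the entry from the commit message never reaches the repo-mapping step at all.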