Posted to dev@unomi.apache.org by "Kevan Jahanshahi (Jira)" <ji...@apache.org> on 2022/01/06 14:33:00 UTC
[jira] [Resolved] (UNOMI-543) Add validation on filename for ImportConfigurationServiceEndPoint
[ https://issues.apache.org/jira/browse/UNOMI-543?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevan Jahanshahi resolved UNOMI-543.
------------------------------------
Resolution: Fixed
> Add validation on filename for ImportConfigurationServiceEndPoint
> -----------------------------------------------------------------
>
> Key: UNOMI-543
> URL: https://issues.apache.org/jira/browse/UNOMI-543
> Project: Apache Unomi
> Issue Type: Bug
> Affects Versions: 2.0.0, 1.6.0
> Reporter: Kevan Jahanshahi
> Assignee: Kevan Jahanshahi
> Priority: Major
> Fix For: 2.0.0, 1.6.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> curl -v -k -H "Authorization: Basic a2FyYWY6a2FyYWY=" -F "file=" -F "importConfigId=../../../../../../../../../../../../../../../../../../../../../../../../../../../tmp/123456789" -X POST https://127.0.0.1:9443/cxs/importConfiguration/oneshot
>
> Execute the command "ls /tmp". Viewing the /tmp directory will generate a '123456789.csv' file.
> Only alphanumeric characters should be allowed in the file name and some characters like: -_.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
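
The validation the issue asks for, sketched as an added example (not the Apache Unomi fix, and not code from the original message): the allow-list of alphanumerics plus `-`, `_` and `.` is applied to `importConfigId`, followed by a containment check on the resolved path. The class and method names, the base directory, and the 128-character limit are assumptions made for the illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

// Added illustration, not Apache Unomi code: all names here are hypothetical.
public class ImportFileNameCheck {
    // Allow-list from the issue: alphanumerics plus '-', '_' and '.'.
    // The length bound of 128 is an assumption, not taken from the issue.
    private static final Pattern SAFE_ID = Pattern.compile("[A-Za-z0-9_.-]{1,128}");

    /** Returns the CSV path for a config id, or throws if the id is not acceptable. */
    static Path resolveImportFile(Path baseDir, String importConfigId) {
        if (importConfigId == null || !SAFE_ID.matcher(importConfigId).matches()) {
            throw new IllegalArgumentException("importConfigId has characters outside [A-Za-z0-9_.-]");
        }
        // "." and ".." pass the character allow-list, so dot-only names are rejected explicitly.
        if (importConfigId.chars().allMatch(c -> c == '.')) {
            throw new IllegalArgumentException("importConfigId must not be a dot-only name");
        }
        Path base = baseDir.toAbsolutePath().normalize();
        Path target = base.resolve(importConfigId + ".csv").normalize();
        // Independent second check: the file must sit directly inside the base directory.
        if (!base.equals(target.getParent())) {
            throw new IllegalArgumentException("resolved path escapes the import directory");
        }
        return target;
    }

    public static void main(String[] args) {
        Path base = Paths.get("/var/lib/example-import"); // constructed sample directory
        String[] samples = {                              // constructed sample inputs
            "recurrent-import_01",                        // accepted
            "../../../../tmp/123456789",                  // shape of the value in the issue, shortened
            "..",                                         // dot-only name
            "a/b",                                        // path separator
            "report 2022"                                 // space is outside the allow-list
        };
        for (String id : samples) {
            try {
                System.out.println("accepted: " + resolveImportFile(base, id));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Only the first sample is accepted; the traversal-shaped value is rejected by the allow-list before any path is built, and the parent-directory comparison remains as a backstop if the pattern is later loosened.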