7x31/nginxconfig.io
1
0
Fork 0
mirror of https://github.com/digitalocean/nginxconfig.io.git synced 2025-09-15 16:07:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

K-111219: Reflected XSS на /web-tools/nginx-config-generator

Browse Source
This commit is contained in:
Александр Гичкалов
2021-11-10 17:34:25 +04:00
committed by Aleksandr Gichkalov
parent d126616c8d
commit 28c7cfc5ac
3 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dist/js/app.js vendored
View File

File diff suppressed because one or more lines are too long

2
src/nginxconfig/generators/conf/letsencrypt.conf.js
View File

@@ -29,7 +29,7 @@ export default global => {
config['# ACME-challenge'] = '';
config['location ^~ /.well-known/acme-challenge/'] = {
root: global.https.letsEncryptRoot.computed.replace(/\/+$/, ''),
root: global.https.letsEncryptRoot.computed.replace(/(<.+>)|(\/+$)/, ''),
};
// Done!

1
src/nginxconfig/templates/domain_sections/server.vue
View File

@@ -208,6 +208,7 @@ THE SOFTWARE.
watch: {
'$props.data.domain': {
handler(data) {
data.computed = data.computed.replace(/<.+>/, '');
// Ignore www. if given, enable WWW subdomain
if (data.computed.startsWith('www.')) {
data.computed = data.computed.slice(4);