K-111219: Reflected XSS на /web-tools/nginx-config-generator

Александр Гичкалов 2021-11-10 17:34:25 +04:00 committed by Aleksandr Gichkalov
parent d126616c8d
commit 28c7cfc5ac
3 changed files with 3 additions and 2 deletions

2
dist/js/app.js vendored

File diff suppressed because one or more lines are too long


@ -29,7 +29,7 @@ export default global => {
config['# ACME-challenge'] = '';
config['location ^~ /.well-known/acme-challenge/'] = {
root: global.https.letsEncryptRoot.computed.replace(/\/+$/, ''),
root: global.https.letsEncryptRoot.computed.replace(/(<.+>)|(\/+$)/, ''),
};
// Done!
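Review bot: The new pattern on the `root:` line, `/(<.+>)|(\/+$)/`, has no `g` flag, so `replace` rewrites only the first match: whenever an angle-bracketed run is removed, the trailing slashes that the old `/\/+$/` always trimmed are left in place, and any second bracketed run also survives. Stripping `<…>` is also a denylist, since an unmatched `<` or a run broken by a newline does not match `.+`, so it should not be the only control for the reflected XSS named in the title; the value should be HTML-encoded where the generated config is written into the page, which is not visible in this hunk. If the strip stays as defence in depth, split it so both steps always run: `.replace(/[<>]/g, '').replace(/\/+$/, '')`. The same single-match `/<.+>/` strip is added in the `'$props.data.domain'` watcher in the next file section.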


@ -208,6 +208,7 @@ THE SOFTWARE.
watch: {
'$props.data.domain': {
handler(data) {
data.computed = data.computed.replace(/<.+>/, '');
// Ignore www. if given, enable WWW subdomain
if (data.computed.startsWith('www.')) {
data.computed = data.computed.slice(4);
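Review bot: The added `data.computed = data.computed.replace(/<.+>/, '');` in the domain watcher has no comment saying why markup is stripped from a domain name, and it repeats a pattern also introduced on the ACME-challenge `root:` line, so the two copies can drift apart. A one-line comment such as `// K-111219: drop angle-bracket markup before the domain is rendered`, plus a small shared helper used by both call sites, would keep the intent and the pattern in one place. The watcher rewrites `data.computed` only; whether the raw input value is rendered anywhere else cannot be seen from this hunk, and the handler body continues past its last line.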