7x31/uptime-kuma
1
0
Fork 0
mirror of https://github.com/louislam/uptime-kuma.git synced 2025-08-21 02:34:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: make sure that stripping backslashes for notification urls cannot cause catastophic backtracking (ReDOS) (#5573)

Browse Source 
Co-authored-by: Frank Elsinga <frank@elsinga.de>
This commit is contained in:
DayShift
2025-01-26 18:52:12 +08:00
committed by GitHub
parent 7dc6191b0a
commit 7a9191761d
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/notification-providers/whapi.js
View File

@@ -24,7 +24,7 @@ class Whapi extends NotificationProvider {
"body": msg,
};
let url = (notification.whapiApiUrl || "https://gate.whapi.cloud/").replace(/\/+$/, "") + "/messages/text";
let url = (notification.whapiApiUrl || "https://gate.whapi.cloud/").replace(/([^/])\/+$/, "$1") + "/messages/text";
await axios.post(url, data, config);