lbsadmin
/
Beego
mirror of https://github.com/astaxie/beego.git
1
0
Fork 0
Code Issues Releases Activity

Merge pull request #3522 from saromanov/check-input-data 

SessionRead: check of the length for input sid variable
This commit is contained in:
astaxie 2019-02-25 23:17:57 +08:00 committed by GitHub
parent 1483c1f545 d7430eb921
commit bb6ca6b100
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
session/sess_file.go
View File

@ -19,6 +19,7 @@ import (
"io/ioutil"
"net/http"
"os"
"errors"
"path"
"path/filepath"
"strings"
@ -131,6 +132,9 @@ func (fp *FileProvider) SessionRead(sid string) (Store, error) {
if strings.ContainsAny(sid, "./") {
return nil, nil
}
if len(sid) < 2 {
return nil, errors.New("length of the sid is less than 2")
}
filepder.lock.Lock()
defer filepder.lock.Unlock()