mirror of
https://github.com/astaxie/beego.git
synced 2024-11-22 12:50:55 +00:00
Merge pull request #3522 from saromanov/check-input-data
SessionRead: check of the length for input sid variable
This commit is contained in:
commit
bb6ca6b100
@ -19,6 +19,7 @@ import (
|
|||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
|
"errors"
|
||||||
"path"
|
"path"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
@ -131,6 +132,9 @@ func (fp *FileProvider) SessionRead(sid string) (Store, error) {
|
|||||||
if strings.ContainsAny(sid, "./") {
|
if strings.ContainsAny(sid, "./") {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
if len(sid) < 2 {
|
||||||
|
return nil, errors.New("length of the sid is less than 2")
|
||||||
|
}
|
||||||
filepder.lock.Lock()
|
filepder.lock.Lock()
|
||||||
defer filepder.lock.Unlock()
|
defer filepder.lock.Unlock()
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user