1
0
mirror of https://github.com/astaxie/beego.git synced 2024-11-22 07:40:54 +00:00

Merge pull request #3522 from saromanov/check-input-data

SessionRead: check of the length for input sid variable
This commit is contained in:
astaxie 2019-02-25 23:17:57 +08:00 committed by GitHub
commit bb6ca6b100
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -19,6 +19,7 @@ import (
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"os" "os"
"errors"
"path" "path"
"path/filepath" "path/filepath"
"strings" "strings"
@ -131,6 +132,9 @@ func (fp *FileProvider) SessionRead(sid string) (Store, error) {
if strings.ContainsAny(sid, "./") { if strings.ContainsAny(sid, "./") {
return nil, nil return nil, nil
} }
if len(sid) < 2 {
return nil, errors.New("length of the sid is less than 2")
}
filepder.lock.Lock() filepder.lock.Lock()
defer filepder.lock.Unlock() defer filepder.lock.Unlock()