1
0
mirror of https://github.com/astaxie/beego.git synced 2024-11-25 18:50:55 +00:00

SessionRead: check of the length for input sid variable

This commit is contained in:
Sergey 2019-02-04 11:03:27 +05:00
parent 26a6b426f1
commit d7430eb921
No known key found for this signature in database
GPG Key ID: E291860300B0B63C

View File

@ -19,6 +19,7 @@ import (
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"os" "os"
"errors"
"path" "path"
"path/filepath" "path/filepath"
"strings" "strings"
@ -131,6 +132,9 @@ func (fp *FileProvider) SessionRead(sid string) (Store, error) {
if strings.ContainsAny(sid, "./") { if strings.ContainsAny(sid, "./") {
return nil, nil return nil, nil
} }
if len(sid) < 2 {
return nil, errors.New("length of the sid is less than 2")
}
filepder.lock.Lock() filepder.lock.Lock()
defer filepder.lock.Unlock() defer filepder.lock.Unlock()