mirror of
https://gitlab.crans.org/nounous/ghostream.git
synced 2024-12-22 15:02:19 +00:00
Do not allow \ or @ in URL
This commit is contained in:
parent
fcfe69143f
commit
73a2adc055
@ -8,6 +8,7 @@ import (
|
|||||||
"log"
|
"log"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/markbates/pkger"
|
"github.com/markbates/pkger"
|
||||||
@ -17,6 +18,11 @@ import (
|
|||||||
"gitlab.crans.org/nounous/ghostream/stream/webrtc"
|
"gitlab.crans.org/nounous/ghostream/stream/webrtc"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
// Precompile regex
|
||||||
|
validPath = regexp.MustCompile("^/[a-z0-9_-]*$")
|
||||||
|
)
|
||||||
|
|
||||||
// Handle WebRTC session description exchange via POST
|
// Handle WebRTC session description exchange via POST
|
||||||
func viewerPostHandler(w http.ResponseWriter, r *http.Request) {
|
func viewerPostHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
// Limit response body to 128KB
|
// Limit response body to 128KB
|
||||||
|
@ -7,7 +7,6 @@ import (
|
|||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"regexp"
|
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/markbates/pkger"
|
"github.com/markbates/pkger"
|
||||||
@ -42,9 +41,6 @@ var (
|
|||||||
|
|
||||||
// Preload templates
|
// Preload templates
|
||||||
templates *template.Template
|
templates *template.Template
|
||||||
|
|
||||||
// Precompile regex
|
|
||||||
validPath = regexp.MustCompile("^/[a-z0-9@_\\-]*/?$")
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Load templates with pkger
|
// Load templates with pkger
|
||||||
|
Loading…
Reference in New Issue
Block a user