Do not allow \ or @ in URL

Alexandre Iooss 2020-10-16 21:23:13 +02:00
parent fcfe69143f
commit 73a2adc055
No known key found for this signature in database
GPG Key ID: 6C79278F3FCDCC02
2 changed files with 6 additions and 4 deletions


@ -8,6 +8,7 @@ import (
"log" "log"
"net" "net"
"net/http" "net/http"
"regexp"
"strings" "strings"
"github.com/markbates/pkger" "github.com/markbates/pkger"
@ -17,6 +18,11 @@ import (
"gitlab.crans.org/nounous/ghostream/stream/webrtc" "gitlab.crans.org/nounous/ghostream/stream/webrtc"
) )
var (
// Precompile regex
validPath = regexp.MustCompile("^/[a-z0-9_-]*$")
)
// Handle WebRTC session description exchange via POST // Handle WebRTC session description exchange via POST
func viewerPostHandler(w http.ResponseWriter, r *http.Request) { func viewerPostHandler(w http.ResponseWriter, r *http.Request) {
// Limit response body to 128KB // Limit response body to 128KB
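Review bot: The `validPath` pattern added in the second hunk narrows more than the commit title says: besides removing `@`, it drops the optional trailing `/?` that the removed pattern accepted, so a path such as `/name/` would no longer match, and the `// Precompile regex` comment does not say what is allowed. I would replace that comment with `// validPath accepts "/" followed only by lowercase letters, digits, "_" or "-"; no trailing slash, "@" or nested segment.` In the removed pattern `\\-` was only an escaped hyphen, so a backslash was already rejected before this change. The code that applies `validPath` lies outside this hunk, so it is worth confirming that every handler that uses the request path checks it against the pattern before using the value.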


@ -7,7 +7,6 @@ import (
"log" "log"
"net/http" "net/http"
"os" "os"
"regexp"
"strings" "strings"
"github.com/markbates/pkger" "github.com/markbates/pkger"
@ -42,9 +41,6 @@ var (
// Preload templates // Preload templates
templates *template.Template templates *template.Template
// Precompile regex
validPath = regexp.MustCompile("^/[a-z0-9@_\\-]*/?$")
) )
// Load templates with pkger // Load templates with pkger