Verified Commit 765fdc61 authored by Jonas Röger's avatar Jonas Röger

server.go - reportBug - prevent field injection

parent 85eab917
Pipeline #1914 passed with warnings
...@@ -338,6 +338,11 @@ func reportBug(w http.ResponseWriter, r *http.Request) { ...@@ -338,6 +338,11 @@ func reportBug(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, "Invaild Request") fmt.Fprint(w, "Invaild Request")
return return
} }
/* Prevent field injection (assuming no injection in user.Name is possible) */
if strings.ContainsRune(subject, '\n') {
w.WriteHeader(http.StatusBadRequest)
fmt.Fprint(w, "Invaild Request")
}
/* Try to dispatch bugreport */ /* Try to dispatch bugreport */
if err = BRDispatchBugreport(&user, subject, content); err != nil { if err = BRDispatchBugreport(&user, subject, content); err != nil {
......
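Review bot: The added guard `if strings.ContainsRune(subject, '\n') {` writes the 400 status and body but never returns, so execution falls through to `BRDispatchBugreport(&user, subject, content)` and the subject containing the line break is still dispatched; the rejection block just above it in this hunk does end in `return`. Add `return` after `fmt.Fprint(w, "Invaild Request")` inside the new block. The check also covers only `\n`; if the subject is written into a line-delimited header field (which the commit title suggests but the hunk does not show), a bare carriage return should be rejected as well, e.g. `if strings.ContainsAny(subject, "\r\n") {`. The comment's assumption that user.Name cannot carry a line break is not verified anywhere in the visible lines, so it is worth either validating it at the same place or pointing to where that guarantee is enforced. reportBug's body starts and ends outside this hunk.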