andras/vault-link
1
0
Fork 0
Code Issues Pull requests 18 Projects Releases 55 Packages Wiki Activity Actions 1

Sanitize relative paths server-side

Browse source
This commit is contained in:
Andras Schmelczer 2025-01-04 16:16:54 +00:00
parent 0943681702
commit 6d5b183a3c
No known key found for this signature in database
GPG key ID: FC8F2C3D3D1A718C
6 changed files with 44 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

6
backend/sync_server/src/server/delete_document.rs
View file

@ -10,11 +10,11 @@ use axum_extra::{
use schemars::JsonSchema;
use serde::Deserialize;
use super::{auth::auth, requests::DeleteDocumentVersion};
use super::{app_state::AppState, auth::auth, requests::DeleteDocumentVersion};
use crate::{
app_state::AppState,
database::models::{DocumentId, StoredDocumentVersion, VaultId},
errors::{server_error, SyncServerError},
utils::sanitize_path,
};
// This is required for aide to infer the path parameter types and names
@ -52,7 +52,7 @@ pub async fn delete_document(
vault_id,
vault_update_id: last_update_id + 1,
document_id,
relative_path: request.relative_path,
relative_path: sanitize_path(&request.relative_path),
content: vec![],
created_date: request.created_date,
updated_date: chrono::Utc::now(),