github
/
alist
mirror of https://github.com/Xhofe/alist
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: reflected XSS vulnerability plist api

pull/5581/head
Andy Hsu 2023-11-24 16:46:48 +08:00
parent 34746e951c
commit 6100647310
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/handles/helper.go
View File

@ -45,6 +45,8 @@ func Plist(c *gin.Context) {
}
fullName := c.Param("name")
Url := link.String()
Url = strings.ReplaceAll(Url, "<", "[")
Url = strings.ReplaceAll(Url, ">", "]")
nameEncode := linkNameSplit[1]
fullName, err = url.PathUnescape(nameEncode)
if err != nil {