Merge pull request #2044 from filebrowser/security_fix

pull/2046/head
Oleg Lobanov 2022-07-19 00:42:45 +02:00 committed by GitHub
commit 0523b31b96
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 3 deletions

View File

@ -53,10 +53,12 @@ func (e extractor) ExtractToken(r *http.Request) (string, error) {
return auth, nil return auth, nil
} }
if r.Method == http.MethodGet {
cookie, _ := r.Cookie("auth") cookie, _ := r.Cookie("auth")
if cookie != nil && strings.Count(cookie.Value, ".") == 2 { if cookie != nil && strings.Count(cookie.Value, ".") == 2 {
return cookie.Value, nil return cookie.Value, nil
} }
}
return "", request.ErrNoTokenInRequest return "", request.ErrNoTokenInRequest
} }