-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Storage label allows '.' from oidc #3346
Labels
Comments
pixil98
added
bug
Something isn't working
needs triage
Bug that needs triage from maintainer
labels
Jul 20, 2023
alextran1502
added
🗄️server
and removed
needs triage
Bug that needs triage from maintainer
labels
Aug 1, 2023
Is there a reason why the dots |
It is stripped out to prevent path traversal attack I believe |
JW-CH
added a commit
to JW-CH/immich
that referenced
this issue
Dec 14, 2023
…management page phone-view same as desktop
JW-CH
added a commit
to JW-CH/immich
that referenced
this issue
Dec 14, 2023
…management page phone-view same as desktop
JW-CH
added a commit
to JW-CH/immich
that referenced
this issue
Dec 15, 2023
jrasm91
pushed a commit
that referenced
this issue
Jan 1, 2024
martabal
pushed a commit
that referenced
this issue
Jan 9, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The bug
When using the new functionality to set a storage label from a claim when using oauth, the claim seems to be taken without sanitation. In my setup the preferred_username is an email address so it has a
.
in it.If I try to set the same storage label manually, the
.
is stripped out when it is saved. I assume it's stripped out for a reason, but either way it would be good to be consistent.The OS that Immich Server is running on
Debian
Version of Immich Server
v1.68.0
Version of Immich Mobile App
N/A
Platform with the issue
Your docker-compose.yml content
Your .env content
Reproduction steps
Additional information
No response
The text was updated successfully, but these errors were encountered: