Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTML-730: Do not allow loading arbitrary files #178

Merged
merged 1 commit into from Jun 2, 2020
Merged

HTML-730: Do not allow loading arbitrary files #178

merged 1 commit into from Jun 2, 2020

Conversation

ibacher
Copy link
Member

@ibacher ibacher commented May 10, 2020

Description of what I changed

This prevents the load of files via absolute paths or path traversal.

Issue I worked on

see https://issues.openmrs.org/browse/HTML-730

Checklist: I completed these to help reviewers :)

  • My pull request only contains ONE single commit
    (the number above, next to the 'Commits' tab is 1).

    No? -> read here on how to squash multiple commits into one

  • My IDE is configured to follow the code style of this project.

    No? Unsure? -> configure your IDE, format the code and add the changes with git add . && git commit --amend

  • x ] I have added tests to cover my changes. (If you refactored
    existing code that was well tested you do not have to add tests)

    No? -> write tests and add them to this commit git add . && git commit --amend

  • I ran mvn clean package right before creating this pull request and
    added all formatting changes to my commit.

    No? -> execute above command

  • All new and existing tests passed.

    No? -> figure out why and add the fix to your commit. It is your responsibility to make sure your code works.

  • My pull request is based on the latest changes of the master branch.

    No? Unsure? -> execute command git pull --rebase upstream master

@sherrif10
Copy link
Member

How did u make it to push and run two travis at the same time. Some advise because it seems intresting and good idea

@ibacher
Copy link
Member Author

ibacher commented Jun 2, 2020

@sherrif10 It's actually caused by the repository configuration in Travis and the fact that I'm developing this on a branch of the HTMLFormEntry module, so one of those Travis builds kicks off because I updated the branch and the other because I updated the PR.

@sherrif10
Copy link
Member

sherrif10 commented Jun 2, 2020

@ibacher Sounds great however it seems not to be advised to someone , thanks

@ibacher ibacher merged commit 4425e26 into master Jun 2, 2020
2 checks passed
@ibacher ibacher deleted the HTML-730 branch June 2, 2020 18:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
2 participants