Validate plugin name #4636

merged 1 commit into from Dec 1, 2019

@alexandrebodin alexandrebodin commented Dec 1, 2019

Description of what you did:

My PR is a:

  • 💥 Breaking change
  • 🐛 Bug fix
  • 💅 Enhancement
  • 🚀 New feature

Main update on the:

  • Admin
  • Documentation
  • Framework
  • Plugin

Manual testing done on the following databases:

  • Not applicable
  • MongoDB
  • MySQL
  • Postgres
  • SQLite

@alexandrebodin alexandrebodin added this to the 3.0.0-beta.17.8 milestone Dec 1, 2019
@alexandrebodin alexandrebodin requested a review from lauriejim Dec 1, 2019
@alexandrebodin alexandrebodin changed the title Validdate plugin name Validate plugin name Dec 1, 2019

@lauriejim lauriejim left a comment

Thank you @alexandrebodin for the quick fix.

@alexandrebodin alexandrebodin merged commit c198c26 into master Dec 1, 2019
1 check was pending
@lauriejim lauriejim deleted the fix/plugin-name branch Dec 1, 2019
@@ -101,6 +106,11 @@ module.exports = {
async uninstallPlugin(ctx) {
try {
const { plugin } = ctx.params;

if (!/^[A-Za-z0-9_-]+$/.test(plugin)) {
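
Review bot: The character class on the `test(plugin)` line accepts `-` in any position, so a name that starts with a hyphen, or consists only of hyphens, passes validation. If `plugin` is later handed to a command or package manager as an argument, a leading hyphen would be parsed as an option, so consider requiring an alphanumeric first character, for example `/^[A-Za-z0-9][A-Za-z0-9_-]*$/`. The hunk header offset (101 to 106) also points to a five-line addition earlier in this file; if that is the same check, a single named constant would keep the two in sync.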

Maybe it's a good idea to DRY this RegExp?

@slackr slackr commented Dec 5, 2019

fyi, this was assigned CVE-2019-19609

source: core:admin