Validate plugin name #4636

Merged
merged 1 commit into from Dec 1, 2019

@alexandrebodin (Member) commented Dec 1, 2019

Description of what you did:

My PR is a:

  • 💥 Breaking change
  • 🐛 Bug fix
  • 💅 Enhancement
  • 🚀 New feature

Main update on the:

  • Admin
  • Documentation
  • Framework
  • Plugin

Manual testing done on the following databases:

  • Not applicable
  • MongoDB
  • MySQL
  • Postgres
  • SQLite

@alexandrebodin alexandrebodin added this to the 3.0.0-beta.17.8 milestone Dec 1, 2019
@alexandrebodin alexandrebodin requested a review from lauriejim Dec 1, 2019
@alexandrebodin alexandrebodin changed the title from "Validdate plugin name" to "Validate plugin name" Dec 1, 2019

@lauriejim (Member) left a comment

LGTM!
Thank you @alexandrebodin for the quick fix.

@alexandrebodin alexandrebodin merged commit c198c26 into master Dec 1, 2019
1 check was pending
@lauriejim lauriejim deleted the fix/plugin-name branch Dec 1, 2019
@@ -101,6 +106,11 @@ module.exports = {
async uninstallPlugin(ctx) {
try {
const { plugin } = ctx.params;

if (!/^[A-Za-z0-9_-]+$/.test(plugin)) {
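
Review bot: the allowlist on the `if (!/^[A-Za-z0-9_-]+$/.test(plugin))` line in `uninstallPlugin` is an inline regex literal, and the hunk offset (old line 101, new line 106) shows a net five lines were already added earlier in this file; if that earlier addition is the same check, define the pattern once as a named constant or small helper so the copies cannot drift apart. Also, `.test()` coerces its argument to a string, so a `typeof plugin === 'string'` guard before the regex would keep the check independent of how `ctx.params` is populated. The pattern itself is a sound choice: it is anchored at both ends, has no `m` flag, and `+` rejects the empty string.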

Maybe it's a good idea to DRY this RegExp?

@slackr (Contributor) commented Dec 5, 2019

fyi, this was assigned CVE-2019-19609

Labels
source: core:admin