diff options
author | Francis Lavoie <lavofr@gmail.com> | 2021-12-30 04:15:48 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-30 04:15:48 -0500 |
commit | 3fe2c73dd04f7769a9d9673236cb94b79ac45659 (patch) | |
tree | 8136fcfe82d5bf3ba4158df0f965d4c866393113 /modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go | |
parent | 5333c3528bd2badf1676efcced322d151e3706c8 (diff) |
caddyhttp: Fix `MatchPath` sanitizing (#4499)
This is a followup to #4407, in response to a report on the forums: https://caddy.community/t/php-fastcgi-phishing-redirection/14542
Turns out that doing `TrimRight` to remove trailing dots, _before_ cleaning the path, will cause double-dots at the end of the path to not be cleaned away as they should. We should instead remove the dots _after_ cleaning.
Diffstat (limited to 'modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go')
0 files changed, 0 insertions, 0 deletions