Prevent the media store from writing outside of the configured directory
Also tighten validation of server names by forbidding invalid characters in IPv6 addresses and empty domain labels.
Showing
- synapse/rest/media/v1/_base.py 17 additions, 1 deletionsynapse/rest/media/v1/_base.py
- synapse/rest/media/v1/filepath.py 199 additions, 42 deletionssynapse/rest/media/v1/filepath.py
- synapse/util/stringutils.py 14 additions, 7 deletionssynapse/util/stringutils.py
- tests/http/test_endpoint.py 3 additions, 0 deletionstests/http/test_endpoint.py
- tests/rest/media/v1/test_filepath.py 250 additions, 0 deletionstests/rest/media/v1/test_filepath.py
Loading
Please register or sign in to comment