gh_mirrors/1Panel
1
0
Fork 0
mirror of https://github.com/1Panel-dev/1Panel.git synced 2025-01-19 08:19:15 +08:00
Code

fix: 解决命令注入waf被绕过的问题 (#4268)

Browse Source
This commit is contained in:
an4er 2024-03-22 14:18:47 +08:00 committed by GitHub
parent 062b2f2ae6
commit 1ff5bf85e9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
backend/utils/cmd/cmd.go
View File

@ -178,7 +178,7 @@ func CheckIllegal(args ...string) bool {
if strings.Contains(arg, "&") || strings.Contains(arg, "|") || strings.Contains(arg, ";") || if strings.Contains(arg, "&") || strings.Contains(arg, "|") || strings.Contains(arg, ";") ||
strings.Contains(arg, "$") || strings.Contains(arg, "'") || strings.Contains(arg, "`") || strings.Contains(arg, "$") || strings.Contains(arg, "'") || strings.Contains(arg, "`") ||
strings.Contains(arg, "(") || strings.Contains(arg, ")") || strings.Contains(arg, "\"") || strings.Contains(arg, "(") || strings.Contains(arg, ")") || strings.Contains(arg, "\"") ||
strings.Contains(arg, "\n") || strings.Contains(arg, "\r") { strings.Contains(arg, "\n") || strings.Contains(arg, "\r") || strings.Contains(arg, ">") {
return true return true
} }
} }