Skip to content
Snippets Groups Projects
Commit a487e0c6 authored by Rob Swindell's avatar Rob Swindell :speech_balloon:
Browse files

Don't allow colons in web-requested path names on Windows 

This fixes issue #269 (NTFS Alternate Data Stream vulnerability) and other
potential pathname issues on Windows involving colons.

There are other illegal filename characters on Windows (e.g. <>|"?*), but
filenames with these characters aren't expected to pass the later stat() test,
so should fail with a 404 error.
parent 9f789457
Branches
No related tags found
Checking pipeline status
Hide whitespace changes
Inline Side-by-side
Showing
with 13 additions and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment