tiennm99/coolify
1
0
Fork 0
mirror of https://github.com/tiennm99/coolify.git synced 2026-04-17 21:20:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: enhance security by validating and escaping database names, file paths, and proxy configuration filenames to prevent command injection

Browse Source
This commit is contained in:
Andras Bacsai
2025-11-27 14:36:31 +01:00
parent e60e74ac90
commit 0073d045fb
11 changed files with 439 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Livewire/Project/Service/Storage.php
View File

@@ -179,6 +179,10 @@ class Storage extends Component
$this->file_storage_directory_destination = trim($this->file_storage_directory_destination);
$this->file_storage_directory_destination = str($this->file_storage_directory_destination)->start('/')->value();
// Validate paths to prevent command injection
validateShellSafePath($this->file_storage_directory_source, 'storage source path');
validateShellSafePath($this->file_storage_directory_destination, 'storage destination path');
\App\Models\LocalFileVolume::create([
'fs_path' => $this->file_storage_directory_source,
'mount_path' => $this->file_storage_directory_destination,