Dokploy/dokploy
1
0
Fork 0
mirror of https://github.com/Dokploy/dokploy synced 2025-06-26 18:27:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(user-validation): enhance path validation in Traefik config

Browse Source 
- Added refined validation for the 'path' field to prevent directory traversal attacks and unauthorized access.
- Implemented checks for null bytes and ensured paths start with the MAIN_TRAEFIK_PATH constant.
This commit is contained in:
Mauricio Siu
2025-06-22 23:57:02 -06:00
parent 61cf426615
commit e42f6bc610
2 changed files with 35 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
apps/dokploy/server/api/routers/settings.ts
View File

@@ -459,6 +459,15 @@ export const settingsRouter = createTRPCRouter({
throw new TRPCError({ code: "UNAUTHORIZED" });
}
}
if (input.serverId) {
const server = await findServerById(input.serverId);
if (server.organizationId !== ctx.session?.activeOrganizationId) {
throw new TRPCError({ code: "UNAUTHORIZED" });
}
}
return readConfigInPath(input.path, input.serverId);
}),
getIp: protectedProcedure.query(async ({ ctx }) => {