1
0
Fork 0
forked from mirrors/akkoma
akkoma/test
Oneric ddd79ff22d Proactively harden emoji pack against path traversal
No new path traversal attacks are known. But given the many entrypoints
and code flow complexity inside pack.ex, it unfortunately seems
possible a future refactor or addition might reintroduce one.
Furthermore, some old packs might still contain traversing path entries
which could trigger undesireable actions on rename or delete.

To ensure this can never happen, assert safety during path construction.

Path.safe_relative was introduced in Elixir 1.14, but
fortunately, we already require at least 1.14 anyway.
2024-03-18 22:33:10 -01:00
..
config remove default emoji file 2022-08-11 19:05:41 +01:00
credo/check/consistency giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
fixtures Add XML matcher 2023-08-07 11:12:14 +01:00
instance_static URL encode remote emoji pack names (#362) 2023-01-15 18:14:04 +00:00
mix Always insert Dedupe upload filter 2024-03-18 22:33:10 -01:00
pleroma Proactively harden emoji pack against path traversal 2024-03-18 22:33:10 -01:00
support Prune old Update activities 2024-02-17 16:57:40 +01:00
test_helper.exs Always insert Dedupe upload filter 2024-03-18 22:33:10 -01:00