1
0
Fork 1
mirror of https://akkoma.dev/AkkomaGang/akkoma.git synced 2024-11-18 02:49:18 +00:00
akkoma/lib/pleroma/emoji
Oneric ddd79ff22d Proactively harden emoji pack against path traversal
No new path traversal attacks are known. But given the many entrypoints
and code flow complexity inside pack.ex, it unfortunately seems
possible a future refactor or addition might reintroduce one.
Furthermore, some old packs might still contain traversing path entries
which could trigger undesireable actions on rename or delete.

To ensure this can never happen, assert safety during path construction.

Path.safe_relative was introduced in Elixir 1.14, but
fortunately, we already require at least 1.14 anyway.
2024-03-18 22:33:10 -01:00
..
combinations.ex Fix emoji qualification (#124) 2022-07-28 12:02:36 +00:00
formatter.ex Deprecate Pleroma.Web.base_url/0 2021-05-31 16:48:03 -05:00
loader.ex Support elixir1.15 2023-08-03 17:44:09 +01:00
pack.ex Proactively harden emoji pack against path traversal 2024-03-18 22:33:10 -01:00