Files
Vincent Untz
faff4ae769
Forbid substrings based on a regexp in name_filter middleware
In comments from https://review.openstack.org/8798 it was raised that it might make sense to forbid some substrings in the name_filter middleware. There is now a new forbidden_regexp option for the name_filter middleware to specify which substrings to forbid. The default is "/\./|/\.\./|/\.$|/\.\.$" (or in a non-regexp language: the /./ and /../ substrings as well as strings ending with /. or /..). This can be useful for extra paranoia to avoid directory traversals (bug 1005908), or for more general filtering. Change-Id: I39bf2de45b9dc7d3ca4d350d24b3f2276e958a62 DocImpact: new forbidden_regexp option for the name_filter middleware