root
/
grafana
mirror of https://github.com/grafana/grafana.git
1
0
Fork 0
Code Issues Actions 236 Packages Projects Releases Wiki Activity

[release-12.1.2] BackendSrv: remove ampersand in validatePath (#110243) 

BackendSrv: remove ampersand in validatePath (#109725)

remove ampersand from fetch URL split


(cherry picked from commit be4dc6fdb6)

Co-authored-by: Kristian Bremberg <114284895+KristianGrafana@users.noreply.github.com>
Co-authored-by: Isaiah Grigsby <isaiah.grigsby@grafana.com>
This commit is contained in:
grafana-delivery-bot[bot] 2025-08-27 15:42:42 -05:00 committed by GitHub
parent 845f7efd02
commit 38958ee7b7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
packages/grafana-data/src/text/sanitize.ts
View File

@ -147,7 +147,7 @@ export function validatePath<OriginalPath extends string>(path: OriginalPath): O
}
// Remove query params and fragments to check only the path portion
const cleaned = originalDecoded.split(/[\?&#]/)[0];
const cleaned = originalDecoded.split(/[\?#]/)[0];
originalDecoded = cleaned;
// If the original string contains traversal attempts, block it