root
/
grafana
mirror of https://github.com/grafana/grafana.git
1
0
Fork 0
Code Issues Actions 142 Packages Projects Releases Wiki Activity

BackendSrv: remove ampersand in validatePath (#109725) 

remove ampersand from fetch URL split

Co-authored-by: Isaiah Grigsby <isaiah.grigsby@grafana.com>
This commit is contained in:
Kristian Bremberg 2025-08-27 20:30:06 +02:00 committed by GitHub
parent 93a35fc7be
commit be4dc6fdb6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
packages/grafana-data/src/text/sanitize.ts
View File

@ -156,7 +156,7 @@ export function validatePath<OriginalPath extends string>(path: OriginalPath): O
}
// Remove query params and fragments to check only the path portion
const cleaned = originalDecoded.split(/[\?&#]/)[0];
const cleaned = originalDecoded.split(/[\?#]/)[0];
originalDecoded = cleaned;
// If the original string contains traversal attempts, block it