calvin.erfmann/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-10 20:02:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1949 from marcschaeferger-org/fix-security/other

Browse Source 
Fix multiple reported Security Issues
This commit is contained in:
Owen Schwartz
2025-12-06 11:24:01 -05:00
committed by GitHub
parent ccb17cdbbf 336d31ce39
commit dbc046397b
3 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
server/db/names.ts
View File

@@ -1,6 +1,7 @@
import { join } from "path"; import { join } from "path";
import { readFileSync } from "fs"; import { readFileSync } from "fs";
import { db, resources, siteResources } from "@server/db"; import { db, resources, siteResources } from "@server/db";
import { randomInt } from "crypto";
import { exitNodes, sites } from "@server/db"; import { exitNodes, sites } from "@server/db";
import { eq, and } from "drizzle-orm"; import { eq, and } from "drizzle-orm";
import { __DIRNAME } from "@server/lib/consts"; import { __DIRNAME } from "@server/lib/consts";
@@ -99,10 +100,10 @@ export async function getUniqueExitNodeEndpointName(): Promise<string> {
export function generateName(): string { export function generateName(): string {
const name = ( const name = (
names.descriptors[ names.descriptors[
Math.floor(Math.random() * names.descriptors.length) randomInt(names.descriptors.length)
] + ] +
"-" + "-" +
names.animals[Math.floor(Math.random() * names.animals.length)] names.animals[randomInt(names.animals.length)]
) )
.toLowerCase() .toLowerCase()
.replace(/\s/g, "-"); .replace(/\s/g, "-");

2
server/lib/validators.ts
View File

@@ -68,7 +68,7 @@ export function isUrlValid(url: string | undefined) {
if (!url) return true; // the link is optional in the schema so if it's empty it's valid if (!url) return true; // the link is optional in the schema so if it's empty it's valid
var pattern = new RegExp( var pattern = new RegExp(
"^(https?:\\/\\/)?" + // protocol "^(https?:\\/\\/)?" + // protocol
"((([a-z\\d]([a-z\\d-]*[a-z\\d])*)\\.)+[a-z]{2,}|" + // domain name "(((?:[a-z\\d-]{1,61}[a-z\\d])\\.)+[a-z]{2,}|" + // domain name
"((\\d{1,3}\\.){3}\\d{1,3}))" + // OR ip (v4) address "((\\d{1,3}\\.){3}\\d{1,3}))" + // OR ip (v4) address
"(\\:\\d+)?(\\/[-a-z\\d%_.~+]*)*" + // port and path "(\\:\\d+)?(\\/[-a-z\\d%_.~+]*)*" + // port and path
"(\\?[;&a-z\\d%_.~+=-]*)?" + // query string "(\\?[;&a-z\\d%_.~+=-]*)?" + // query string

2
src/components/LoginForm.tsx
View File

@@ -410,7 +410,7 @@ export default function LoginForm({
<div className="text-center"> <div className="text-center">
<Link <Link
href={`${env.app.dashboardUrl}/auth/reset-password${form.getValues().email ? `?email=${form.getValues().email}` : ""}`} href={`${env.app.dashboardUrl}/auth/reset-password${form.getValues().email ? `?email=${encodeURIComponent(form.getValues().email)}` : ""}`}
className="text-sm text-muted-foreground" className="text-sm text-muted-foreground"
> >
{t("passwordForgot")} {t("passwordForgot")}