Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'dev' into 1.6

Browse source
This commit is contained in:
Théophile Diot 2024-07-24 12:37:57 +01:00
commit 809d0d98cf
No known key found for this signature in database
GPG key ID: FA995104A0BA376A
2 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/common/core/ui/confs/modsec/ui.conf
View file

@ -2,4 +2,5 @@
SecRule REQUEST_FILENAME "@rx /(global_config|services)$" "id:7771,ctl:ruleRemoveByTag=language-shell,ctl:ruleRemoveByTag=platform-pgsql,ctl:ruleRemoveByTag=attack-xss,ctl:ruleRemoveByTag=attack-lfi,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-ssrf,nolog"
SecRule REQUEST_FILENAME "@rx /configs$" "id:7772,ctl:ruleRemoveByTag=language-shell,ctl:ruleRemoveByTag=attack-lfi,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-ssrf,nolog"
SecRule REQUEST_FILENAME "@rx /jobs$" "id:7773,ctl:ruleRemoveByTag=language-shell,ctl:ruleRemoveByTag=language-php,nolog"
SecRule REQUEST_FILENAME "@rx /jobs/download$" "id:7774,ctl:ruleRemoveByTag=attack-lfi,nolog"
{% endif +%}

2
src/ui/main.py
View file

@ -2402,8 +2402,6 @@ def jobs_download():
if not plugin_id or not job_name or not file_name:
return jsonify({"status": "ko", "message": "plugin_id, job_name and file_name are required"}), 422
file_name = secure_filename(file_name)
cache_file = app.config["DB"].get_job_cache_file(job_name, file_name, service_id=service_id, plugin_id=plugin_id)
if not cache_file: