]> git.kaiwu.me - nginx.git/commit
projects / nginx.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3b5da46) | patch
Dav: improved path validation for COPY and MOVE operations
authorSai Krishna Kumar Reddy Yadamakanti <saikrishnakumarreddy@gmail.com>
Tue, 5 May 2026 12:01:04 +0000 (12:01 +0000)
committerSai Krishna Kumar Reddy YADAMAKANTI <46914419+saikrishnakumarreddy@users.noreply.github.com>
Wed, 6 May 2026 14:05:17 +0000 (19:35 +0530)
commitf0a084645b8fede56ee08f2cc557c2475eb2a28d
tree860ea76bc59c923b10a9a9cdd33d443e3ab244ectree | snapshot
parent3b5da468b3b14857fbd90298e249d6333dc68705commit | diff
Dav: improved path validation for COPY and MOVE operations

The COPY and MOVE handler did not validate whether source and
destination paths referred to the same resource or a parent-child
collection relationship, which could corrupt or destroy files.

Now 403 is returned if paths match or one is a prefix of the other.

Reported by Mufeed VH of Winfunc Research.
src/http/modules/ngx_http_dav_module.c diff | blob | history
nginx upstream