coolify

rosslh/coolify

Fork 0

Commit graph

Author	SHA1	Message	Date
Andras Bacsai	3fdce06b65	fix(storage): consistent path validation and escaping for file volumes Ensure all file volume paths are validated and properly escaped before use. Previously, only directory mount paths were validated at the input layer — file mount paths now receive the same treatment across Livewire components, API controllers, and the model layer. - Validate and escape fs_path at the top of saveStorageOnServer() before any commands are built - Add path validation to submitFileStorage() in Storage Livewire component - Add path validation to file mount creation in Applications, Services, and Databases API controllers - Add regression tests for path validation coverage Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 23:44:37 +01:00
Andras Bacsai	0073d045fb	fix: enhance security by validating and escaping database names, file paths, and proxy configuration filenames to prevent command injection	2025-11-27 14:36:31 +01:00

Author

SHA1

Message

Date

Andras Bacsai

3fdce06b65

fix(storage): consistent path validation and escaping for file volumes

Ensure all file volume paths are validated and properly escaped before
use. Previously, only directory mount paths were validated at the input
layer — file mount paths now receive the same treatment across Livewire
components, API controllers, and the model layer.

- Validate and escape fs_path at the top of saveStorageOnServer() before
  any commands are built
- Add path validation to submitFileStorage() in Storage Livewire component
- Add path validation to file mount creation in Applications, Services,
  and Databases API controllers
- Add regression tests for path validation coverage

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-25 23:44:37 +01:00

Andras Bacsai

0073d045fb

fix: enhance security by validating and escaping database names, file paths, and proxy configuration filenames to prevent command injection

2025-11-27 14:36:31 +01:00

2 commits