coolify/app/Http/Controllers/Api
Andras Bacsai 3fdce06b65 fix(storage): consistent path validation and escaping for file volumes
Ensure all file volume paths are validated and properly escaped before
use. Previously, only directory mount paths were validated at the input
layer — file mount paths now receive the same treatment across Livewire
components, API controllers, and the model layer.

- Validate and escape fs_path at the top of saveStorageOnServer() before
  any commands are built
- Add path validation to submitFileStorage() in Storage Livewire component
- Add path validation to file mount creation in Applications, Services,
  and Databases API controllers
- Add regression tests for path validation coverage

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-25 23:44:37 +01:00
ApplicationsController.php fix(storage): consistent path validation and escaping for file volumes 2026-03-25 23:44:37 +01:00
CloudProviderTokensController.php fix(docs): remove incorrect uuid format in openapi spec (#7419) 2026-01-04 16:16:19 +01:00
DatabasesController.php fix(storage): consistent path validation and escaping for file volumes 2026-03-25 23:44:37 +01:00
DeployController.php fix(api): cast teamId to int in deployment authorization check 2026-03-12 13:25:10 +01:00
GithubController.php Changes auto-committed by Conductor 2025-10-16 13:19:05 +02:00
HetznerController.php refactor(team): make server limit methods accept optional team parameter 2026-03-23 21:56:50 +01:00
OpenApi.php feat(api): Improve OpenAPI spec and add rate limit handling for Hetzner 2025-12-11 12:12:43 +01:00
OtherController.php fix: missing 422 error code in openapi spec 2025-10-12 14:20:45 +02:00
ProjectController.php fix(docs): remove incorrect uuid format in openapi spec (#7419) 2026-01-04 16:16:19 +01:00
ResourcesController.php feat(auth): implement comprehensive authorization checks across API controllers 2025-08-23 18:51:10 +02:00
ScheduledTasksController.php fix(api): improve scheduled tasks validation and delete logic 2026-02-18 14:30:44 +01:00
SecurityController.php fix: missing 422 error code in openapi spec 2025-10-12 14:20:45 +02:00
ServersController.php fix(api): validate server ownership in domains endpoint and scope activity lookups 2026-03-25 16:20:53 +01:00
ServicesController.php fix(storage): consistent path validation and escaping for file volumes 2026-03-25 23:44:37 +01:00
TeamController.php fix(team): improve team retrieval and session handling for users 2025-12-28 14:50:59 +01:00