CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Document and further restrict a possible path traversal issue

Browse Source
This commit is contained in:
Raphael Michel
2016-08-29 21:49:14 +02:00
parent b14ada27d0
commit aad44105a4
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/pretix/control/urls.py
View File

@@ -93,5 +93,5 @@ urlpatterns = [
url(r'^orders/$', orders.OrderList.as_view(), name='event.orders'),
url(r'^attendees/$', attendees.AttendeeList.as_view(), name='event.attendees'),
])),
url(r'^help/(?P<topic>[^.]+)$', help.HelpView.as_view(), name='help'),
url(r'^help/(?P<topic>[a-zA-Z0-9_/]+)$', help.HelpView.as_view(), name='help'),
]