mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-25 20:03:12 +03:00
07f9564eea
closes https://github.com/TryGhost/Product/issues/4191

Without this patch, themes can read arbitrary files from your system and expose them to the internet via the layout feature of express-hbs. For example `{{!< ../../../../config.production.json}}` would spit out config, which can contain secrets. As theme upload is restricted to users with the Admin role, this mostly affects hosting providers which use their own secret keys for e.g. mail or database config.