mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-15 03:12:54 +03:00
f546a5ce1d
no issue Double slashes are treated as a HTTP calls as specified in [RFC1801](http://www.ietf.org/rfc/rfc1808.txt). Because of this behaviour the uncapitalise created an open redirect. By removing double slashes in the path we ensure open redirects cannot be created. As an example, please click the following URL: https://dev.ghost.org///Google.com/. This issue has been reported by pentesters of our product [LearningSpaces.io](http://learningspaces.io). |
||
|---|---|---|
| .. | ||
| api | ||
| validation | ||
| auth-strategies.js | ||
| auth.js | ||
| cache-control.js | ||
| check-ssl.js | ||
| cors.js | ||
| decide-is-admin.js | ||
| index.js | ||
| labs.js | ||
| maintenance.js | ||
| oauth.js | ||
| redirect-to-setup.js | ||
| serve-shared-file.js | ||
| spam-prevention.js | ||
| static-theme.js | ||
| theme-handler.js | ||
| uncapitalise.js | ||