Incoming label for token ... must not contain slashes or backslashes: bla/bla #111

New issue

Open

opened 2025-08-28 10:27:01 +00:00 by mih · 2 comments

mih commented 2025-08-28 10:27:01 +00:00 (Migrated from github.com)

Copy link

I wonder why that needs to be restricted. It makes sense to prevent escaping, and it makes sense to prevent ../ placement. However, preventing any hierarchical organization implies a potentially overpopulated directory, and any and all incoming areas must be direct children.

I wonder why that needs to be restricted. It makes sense to prevent escaping, and it makes sense to prevent `../` placement. However, preventing any hierarchical organization implies a potentially overpopulated directory, and any and all incoming areas must be direct children.

christian-monch commented 2025-09-02 12:23:36 +00:00 (Migrated from github.com)

Copy link

Since we control the incoming label, we could lift those restrictions. I would add a check to ensure the resulting directory is located below the incoming directory.

Since we control the incoming label, we could lift those restrictions. I would add a check to ensure the resulting directory is located below the incoming directory.

mih commented 2025-09-02 12:33:55 +00:00 (Migrated from github.com)

Copy link

Great, thanks!

Great, thanks!

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dynamic-configuration

audit-with-apply-change-set

forgejo-labels

maintenance-command

move-workflow-to-forgejo

classes-in-server-endpoint

redirect-root

linkml-test

issue-175

fix_any_of

forgejo-authsource-caching

issue-168

graphql

5.6.1

5.6.0

5.5.0

5.4.0

5.3.6

5.3.5

5.3.4

5.3.3

5.3.2

5.3.1

5.3.0

5.2.1

5.2.0

5.1.1

5.1.0

5.0.3

5.0.2

5.0.1

5.0.0

4.7.0

4.6.1

4.6.0

4.5.3

4.5.2

4.5.1

4.5.0

4.4.0

4.3.1

4.2.0

4.3.0

4.1.1

4.1.0

4.0.0

3.6.0

3.5.0

3.3.3

3.3.2

3.3.1

3.3.0

3.2.1

3.1.0

3.0.1

3.0.0

2.4.1

2.3.4

2.3.3

2.4.0

2.3.2

2.3.0

2.2.0

2.1.0

2.0.1

2.0.0

1.1.0

1.0.0

0.5.0

0.4.0

0.3.0

0.2.7

0.2.6

0.2.5

0.2.4

0.2.3

0.2.2

0.2.1

0.2.0

0.1.1

0.1.0

labelless

Labels

Clear labels   

bug

Something isn't working

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

wontfix

This will not be worked on

No labels

bug

documentation

duplicate

enhancement

good first issue

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

orinoco/dump-things-server#111

No description provided.