MyFavMirrors/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-02-23 11:32:35 -05:00
Code Issues Packages Projects Releases Wiki Activity

allow CLI to upload files with truncated filenames (#5618)

Browse Source 
due to a bug in the CLI the filename in the form-data is not complete if
the encrypted filename happens to contain a /
This commit is contained in:
Stefan Melmuk 2025-02-19 10:40:59 +01:00 committed by GitHub
parent 3baffeee9a
commit 359a4a088a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/api/core/sends.rs
View File

@ -378,7 +378,11 @@ async fn post_send_file_v2_data(
}; };
match data.data.raw_name() { match data.data.raw_name() {
Some(raw_file_name) if raw_file_name.dangerous_unsafe_unsanitized_raw() == send_data.fileName => (), Some(raw_file_name)
if raw_file_name.dangerous_unsafe_unsanitized_raw() == send_data.fileName
// be less strict only if using CLI, cf. https://github.com/dani-garcia/vaultwarden/issues/5614
|| (headers.device.is_cli() && send_data.fileName.ends_with(raw_file_name.dangerous_unsafe_unsanitized_raw().as_str())
) => {}
Some(raw_file_name) => err!( Some(raw_file_name) => err!(
"Send file name does not match.", "Send file name does not match.",
format!( format!(

4
src/db/models/device.rs
View File

@ -135,6 +135,10 @@ impl Device {
pub fn is_registered(&self) -> bool { pub fn is_registered(&self) -> bool {
self.push_uuid.is_some() self.push_uuid.is_some()
} }
pub fn is_cli(&self) -> bool {
matches!(DeviceType::from_i32(self.atype), DeviceType::WindowsCLI | DeviceType::MacOsCLI | DeviceType::LinuxCLI)
}
} }
pub struct DeviceWithAuthRequest { pub struct DeviceWithAuthRequest {