diff options
author | stuebinm | 2021-11-16 21:33:25 +0100 |
---|---|---|
committer | stuebinm | 2021-11-16 21:33:25 +0100 |
commit | 7b079ff7a66ea0d7baa12fa16f084f025c1c9fce (patch) | |
tree | 8ebf61e3a2afb0e7658a93a28eecc7a680d0d8ce /lib | |
parent | 3a3cb19e43cad578600c81858c6d892d1be66ac1 (diff) |
reject map urls starting with /_/
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Properties.hs | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/Properties.hs b/lib/Properties.hs index 90aa3ad..2ef587c 100644 --- a/lib/Properties.hs +++ b/lib/Properties.hs @@ -1,4 +1,5 @@ {-# LANGUAGE LambdaCase #-} +{-# LANGUAGE MultiWayIf #-} {-# LANGUAGE NamedFieldPuns #-} {-# LANGUAGE OverloadedStrings #-} @@ -176,9 +177,11 @@ checkLayerProperty p@(Property name _value) = case name of "allowApi" -> isForbidden "exitUrl" -> do forbidEmptyLayer - unwrapLink p $ \link -> if "/" `isPrefixOf` link - then dependsOn $ MapLink link - else unwrapPath link (dependsOn . LocalMap) + unwrapLink p $ \link -> if + | "/_/" `isPrefixOf` link -> + complain "absolute map links (i.e. links starting with '/_/') are disallowed." + | "/@/" `isPrefixOf` link -> dependsOn $ MapLink link -- TODO + | otherwise -> unwrapPath link (dependsOn . LocalMap) "startLayer" -> do forbidEmptyLayer layer <- askContext |