grafana/SOURCES/007-CVE-2021-39226.patch


diff --git a/pkg/api/dashboard_snapshot.go b/pkg/api/dashboard_snapshot.go
index d657b98809..a59865cc22 100644
--- a/pkg/api/dashboard_snapshot.go
+++ b/pkg/api/dashboard_snapshot.go
@@ -138,6 +138,9 @@ func CreateDashboardSnapshot(c *models.ReqContext, cmd models.CreateDashboardSna
// GET /api/snapshots/:key
func GetDashboardSnapshot(c *models.ReqContext) Response {
key := c.Params(":key")
+ if len(key) == 0 {
+ return Error(404, "Snapshot not found", nil)
+ }
query := &models.GetDashboardSnapshotQuery{Key: key}
err := bus.Dispatch(query)
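Review bot: The `if len(key) == 0` guard added in GetDashboardSnapshot lives only in the HTTP handler, so the `GetDashboardSnapshotQuery` built on the following line is still accepted with an empty `Key` or `DeleteKey` from any other code that dispatches it; the same three lines are repeated in DeleteDashboardSnapshotByDeleteKey and DeleteDashboardSnapshot. The query handler is not visible here, but if an empty key leaves the lookup unconstrained (as the CVE reference in the patch name suggests), the rejection should also be enforced there so a later caller cannot reintroduce the problem. At minimum each guard deserves a why-comment such as `// an empty key must never reach the snapshot query; see CVE-2021-39226`, plus a regression test asserting a 404 when the key is empty. All three function bodies continue outside their hunks.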
@@ -202,6 +205,9 @@ func deleteExternalDashboardSnapshot(externalUrl string) error {
// GET /api/snapshots-delete/:deleteKey
func DeleteDashboardSnapshotByDeleteKey(c *models.ReqContext) Response {
key := c.Params(":deleteKey")
+ if len(key) == 0 {
+ return Error(404, "Snapshot not found", nil)
+ }
query := &models.GetDashboardSnapshotQuery{DeleteKey: key}
@@ -229,6 +235,9 @@ func DeleteDashboardSnapshotByDeleteKey(c *models.ReqContext) Response {
// DELETE /api/snapshots/:key
func DeleteDashboardSnapshot(c *models.ReqContext) Response {
key := c.Params(":key")
+ if len(key) == 0 {
+ return Error(404, "Snapshot not found", nil)
+ }
query := &models.GetDashboardSnapshotQuery{Key: key}
diff --git a/vendor/gopkg.in/macaron.v1/router.go b/vendor/gopkg.in/macaron.v1/router.go
index df593d669a..46cb0c160f 100644
--- a/vendor/gopkg.in/macaron.v1/router.go
+++ b/vendor/gopkg.in/macaron.v1/router.go
@@ -289,10 +289,12 @@ func (r *Router) SetHandlerWrapper(f func(Handler) Handler) {
func (r *Router) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
if t, ok := r.routers[req.Method]; ok {
// Fast match for static routes
- leaf := r.getLeaf(req.Method, req.URL.Path)
- if leaf != nil {
- leaf.handle(rw, req, nil)
- return
+ if !strings.ContainsAny(req.URL.Path, ":*") {
+ leaf := r.getLeaf(req.Method, req.URL.Path)
+ if leaf != nil {
+ leaf.handle(rw, req, nil)
+ return
+ }
}
h, p, ok := t.Match(req.URL.EscapedPath())