feat(security): use bcrypt hashes and safe paths for boxes
- Replace legacy salted password hashing with bcrypt and store hash alg
- Accept existing bcrypt hashes while keeping legacy verification fallback
- Validate box IDs and use SafeChildPath for box/file operations to prevent traversal
- Refactor download flow to share zip writer logic and correctly handle one-time deletes and optional renew-on-download only after a successful zip write
@@ -29,9 +29,10 @@
|
||||
</nav>
|
||||
{{ if .Error }}
|
||||
<p class="admin-error">{{ .Error }}</p>
|
||||
{{ end }}
|
||||
<form class="admin-form" action="/admin/settings" method="post">
|
||||
<table class="admin-table">
|
||||
{{ end }}
|
||||
<form class="admin-form" action="/admin/settings" method="post">
|
||||
<input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">
|
||||
<table class="admin-table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Setting</th>
|
||||
|
||||
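Review bot: The new hidden `csrf_token` input on the `/admin/settings` form is not covered by the commit message, which only lists bcrypt hashing, path validation and the download refactor. Either add a line for it or move it to its own commit, so the CSRF change can be reviewed and reverted on its own. This hunk shows only the template side, so please confirm that the POST handler for `/admin/settings` rejects a missing or mismatched token. Also confirm that `.CSRFToken` is populated on every path that renders this template, including the re-render that sets `.Error`; otherwise the field is emitted with an empty value and the resubmitted form fails validation.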