Skip to content

Commit

Permalink
Switch back to logical OR check
Browse files Browse the repository at this point in the history
  • Loading branch information
@bkimminich
bkimminich committed Sep 22, 2022
1 parent 0afa197 commit 47c1ed9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion routes/fileUpload.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ function handleXmlUpload ({ file }: Request, res: Response, next: NextFunction)
vm.createContext(sandbox)
const xmlDoc = vm.runInContext('libxml.parseXml(data, { noblanks: true, noent: true, nocdata: true })', sandbox, { timeout: 2000 })
const xmlString = xmlDoc.toString(false)
challengeUtils.solveIf(challenges.xxeFileDisclosureChallenge, () => { return (utils.matchesSystemIniFile(xmlString) ?? utils.matchesEtcPasswdFile(xmlString)) })
challengeUtils.solveIf(challenges.xxeFileDisclosureChallenge, () => { return (utils.matchesSystemIniFile(xmlString) || utils.matchesEtcPasswdFile(xmlString)) })
res.status(410)
next(new Error('B2B customer complaints via file upload have been deprecated for security reasons: ' + utils.trunc(xmlString, 400) + ' (' + file.originalname + ')'))
} catch (err: any) { // TODO: Remove any
Expand Down

0 comments on commit 47c1ed9

Please sign in to comment.