proxy: limit theme value in length and disallow '/'
index d93840c5809ed0216fabf67b205b3ce614947e3a..85c34ea2c06ec3df98c1729e68302a9c3a46b010 100644 (file)
@@ -96,10 +96,12 @@ fn get_language(headers: &http::HeaderMap) -> String {
 
 fn get_theme(headers: &http::HeaderMap) -> String {
     let exists = |t: &str| {
-        Path::new(&format!(
-            "/usr/share/javascript/proxmox-widget-toolkit/themes/theme-{t}.css"
-        ))
-        .exists()
+        t.len() < 32
+            && !t.contains('/')
+            && Path::new(&format!(
+                "/usr/share/javascript/proxmox-widget-toolkit/themes/theme-{t}.css"
+            ))
+            .exists()
     };
 
     match cookie_from_header(headers, "PBSThemeCookie") {
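Review bot: The added `!t.contains('/')` condition in the `exists` closure is a denylist of a single character, while the value it guards comes from a client-controlled cookie (`PBSThemeCookie`, matched on the next line) and is presumably reused after this check to pick the theme served to the browser; an allowlist would state the accepted shape directly and also cover that later use, e.g. replacing the two new conditions with `t.len() < 32 && t.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-')`, if the shipped theme names are limited to those characters. On Linux the current check is sufficient for the filesystem probe itself, since a value without `/` can only name one entry in the themes directory, so this is hardening rather than a correctness fix. The intent of the length bound and separator check is not recorded; a comment above the closure such as `// cookie value is client-controlled: bound its length and keep it to a single file name before probing the filesystem` would keep a future edit from relaxing it. The body of `get_theme` continues past the end of the hunk, so how the validated value is consumed is not visible here.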