mirror of
https://github.com/Mezeporta/Erupe.git
synced 2026-03-22 07:32:32 +01:00
898ada3d99
Anchor the token regex to ^[A-Za-z0-9]+$ so partial matches on traversal strings like "../../etc/passwd" are rejected. Refactor the handler to use early returns so execution stops immediately on validation failure instead of falling through to os.Create with tainted input.