fix: Auth Remote Code execution

2023-09-28 17:43:58 +03:00
parent 2323e9c0e3
commit 97a075cf63
4 changed files with 89 additions and 9 deletions
--- a/config/cachet.php
+++ b/config/cachet.php
@@ -46,4 +46,22 @@ return [

    'beacon' => env('CACHET_BEACON', true),

+
+    /*
+    |--------------------------------------------------------------------------
+    | Templates configurations
+    |--------------------------------------------------------------------------
+    |
+    | Security fix: now user can provide information which will be included to the Twig sandbox settings
+    |
+    | Default: Described below
+    |
+    */
+    'twig' => [
+        'methods' => [], 
+        'functions' => [],
+        'filters' => ['escape'],
+        'tags' => ['if'],
+        'props' => [],
+    ]
 ];