github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-07 09:41:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): restrict MEDIA path extraction to prevent LFI (#4930)

Browse Source 
* fix(security): restrict inbound media staging to media directory

* docs: update MEDIA path guidance for security restrictions

- Update agent hint to warn against absolute/~ paths
- Update docs example to use https:// instead of /tmp/

---------

Co-authored-by: Evan Otero <evanotero@google.com>
This commit is contained in:
Glucksberg
2026-01-31 14:55:37 -04:00
committed by GitHub
parent f1de88c198
commit 34e2425b4d
4 changed files with 98 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/auto-reply/reply/get-reply-run.ts
View File

@@ -248,7 +248,7 @@ export async function runPreparedReply(
const prefixedBody = [threadStarterNote, prefixedBodyBase].filter(Boolean).join("\n\n");
const mediaNote = buildInboundMediaNote(ctx);
const mediaReplyHint = mediaNote
? "To send an image back, prefer the message tool (media/path/filePath). If you must inline, use MEDIA:/path or MEDIA:https://example.com/image.jpg (spaces ok, quote if needed). Keep caption in the text body."
? "To send an image back, prefer the message tool (media/path/filePath). If you must inline, use MEDIA:https://example.com/image.jpg (spaces ok, quote if needed) or a safe relative path like MEDIA:./image.jpg. Avoid absolute paths (MEDIA:/...) and ~ paths — they are blocked for security. Keep caption in the text body."
: undefined;
let prefixedCommandBody = mediaNote
? [mediaNote, mediaReplyHint, prefixedBody ?? ""].filter(Boolean).join("\n").trim()