The unprotected_files list may have entries starting with "../", in which case a symlink is created to a file outside the course's static directory. On top of that, the symlink itself will be created outside the nginx's static directory, and will thus never be removed.
Validation needs to be added to the unprotected_files to ban targets that point outside the static directory.
The unprotected_files list may have entries starting with "../", in which case a symlink is created to a file outside the course's static directory. On top of that, the symlink itself will be created outside the nginx's static directory, and will thus never be removed.
Validation needs to be added to the unprotected_files to ban targets that point outside the static directory.