Validate uploaded file path when saving connection settings
We should validate that the path starts with extract/<extractor>@<profile>, and build in protection against .. etc.
Alternatively: we could have the upload endpoint set the setting, and disallow it being set the usual way? (Caveat: how about "Test Connection"?)
Edited by Douwe Maan
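One way to implement the check proposed above, as an added example that is not the project's own code. The function names, the exception class and the sample extractor/profile values are hypothetical, and it assumes the setting holds a relative POSIX-style path.

```python
from pathlib import PurePosixPath

UPLOAD_ROOT = "extract"  # prefix named in the issue


class InvalidUploadPath(ValueError):
    """Raised when a submitted setting value is not an allowed upload path."""


def expected_prefix(extractor: str, profile: str) -> PurePosixPath:
    # Both names end up inside one path component, so they must not
    # carry separators, NUL bytes, or be dot entries themselves.
    for name in (extractor, profile):
        if not name or name in (".", "..") or any(c in name for c in "/\\\0"):
            raise InvalidUploadPath(f"bad extractor/profile name: {name!r}")
    return PurePosixPath(UPLOAD_ROOT) / f"{extractor}@{profile}"


def validate_upload_path(value: str, extractor: str, profile: str) -> str:
    """Return the normalized path if it lies under extract/<extractor>@<profile>."""
    if "\0" in value or "\\" in value:
        raise InvalidUploadPath("NUL or backslash in path")
    path = PurePosixPath(value)  # collapses "." and repeated "/"
    if path.is_absolute():
        raise InvalidUploadPath("absolute path")
    # Reject traversal outright instead of normalizing it away.
    if ".." in path.parts:
        raise InvalidUploadPath("'..' component")
    prefix = expected_prefix(extractor, profile).parts
    # Compare components, not strings: "extract/tap@dev-evil/x" must not
    # pass a startswith("extract/tap@dev") test.
    if path.parts[: len(prefix)] != prefix or len(path.parts) <= len(prefix):
        raise InvalidUploadPath("not under the expected upload directory")
    return str(path)


def is_allowed(value: str, extractor: str, profile: str) -> bool:
    try:
        validate_upload_path(value, extractor, profile)
        return True
    except InvalidUploadPath:
        return False
```

The same function can back both the settings save and "Test Connection", so neither accepts a path the other would refuse.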