jabuxas/abyss
jabuxas/abyss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 4 Wiki Activity

feat(): sanitize '/' path properly

Browse Source
This commit is contained in:
Lucas Barbieri 2024-08-19 20:00:07 -03:00
parent b8ad1dd9b9
commit 2212962796
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
main.go
View File

@ -7,7 +7,6 @@ import (
"net/http" "net/http"
"os" "os"
"path/filepath" "path/filepath"
"strings"
"time" "time"
) )
@ -28,7 +27,13 @@ func main() {
} }
func fileHandler(w http.ResponseWriter, r *http.Request) { func fileHandler(w http.ResponseWriter, r *http.Request) {
path := filepath.Join(filesDir, strings.TrimPrefix(r.URL.Path, "/")) name := filepath.Clean(r.URL.Path)
path := filepath.Join(filesDir, name)
if !filepath.IsLocal(path) {
http.Error(w, "Wrong url", http.StatusBadRequest)
return
}
if fileInfo, err := os.Stat(path); err == nil && !fileInfo.IsDir() { if fileInfo, err := os.Stat(path); err == nil && !fileInfo.IsDir() {
http.ServeFile(w, r, path) http.ServeFile(w, r, path)