Copy and cut files
Former-commit-id: ac9399efef37f13706590384e29295c6234acb7c [formerly f62dcb89aa49125769405c502688f3f8d4348da3] [formerly 4b9f0fd696f449c30da2d2f7a11cf5d6c7054c54 [formerly 64e70e39dcf6759e04315bc97ec6a0fed927c737]] Former-commit-id: 422165231c785b121b1f6725909d3ce7c8dcdfee [formerly 2b26582a03f674d40abb39e27b2cc880d2bd3ebb] Former-commit-id: ee743808a3c012514c9b7d57a34c79e408a8a78b
This commit is contained in:
Henrique Dias
15
resource.go
15
resource.go
@@ -13,11 +13,18 @@ import (
|
||||
"github.com/hacdias/filemanager/dir"
|
||||
)
|
||||
|
||||
func resourceHandler(c *RequestContext, w http.ResponseWriter, r *http.Request) (int, error) {
|
||||
r.URL.Path = dir.SlashClean(r.URL.Path)
|
||||
if !c.User.Allowed(r.URL.Path) {
|
||||
return http.StatusForbidden, nil
|
||||
// sanitizeURL sanitizes the URL to prevent path transversal
|
||||
// using dir.SlashClean and adds the trailing slash bar.
|
||||
func sanitizeURL(url string) string {
|
||||
path := dir.SlashClean(url)
|
||||
if strings.HasSuffix(url, "/") && path != "/" {
|
||||
return path + "/"
|
||||
}
|
||||
return path
|
||||
}
|
||||
|
||||
func resourceHandler(c *RequestContext, w http.ResponseWriter, r *http.Request) (int, error) {
|
||||
r.URL.Path = sanitizeURL(r.URL.Path)
|
||||
|
||||
switch r.Method {
|
||||
case http.MethodGet:
|
||||
|
||||
Reference in New Issue
Block a user