From 8ee280de87eae7ce0b8ee7039cd1881a86e49e15 Mon Sep 17 00:00:00 2001
From: Zoe Roux <zoe.roux@zoriya.dev>
Date: Tue, 30 Apr 2024 13:36:08 +0200
Subject: [PATCH] Clean file of .. or ./ before checking Abs.

---
 transcoder/utils.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/transcoder/utils.go b/transcoder/utils.go
index e68a6b93..961e0f24 100644
--- a/transcoder/utils.go
+++ b/transcoder/utils.go
@@ -30,7 +30,7 @@ func GetPath(c echo.Context) (string, string, error) {
 	if err != nil {
 		return "", "", echo.NewHTTPError(http.StatusBadRequest, "Invalid path. Should be base64 encoded.")
 	}
-	path := string(pathb)
+	path := filepath.Clean(string(pathb))
 	if !filepath.IsAbs(path) {
 		return "", "", echo.NewHTTPError(http.StatusBadRequest, "Absolute path required.")
 	}