mirror of
https://github.com/zoriya/Kyoo.git
synced 2025-07-09 03:04:20 -04:00
Clean file of .. or ./ before checking Abs. (#456)
This commit is contained in:
commit
f67a7b4fd4
@ -30,7 +30,7 @@ func GetPath(c echo.Context) (string, string, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return "", "", echo.NewHTTPError(http.StatusBadRequest, "Invalid path. Should be base64 encoded.")
|
return "", "", echo.NewHTTPError(http.StatusBadRequest, "Invalid path. Should be base64 encoded.")
|
||||||
}
|
}
|
||||||
path := string(pathb)
|
path := filepath.Clean(string(pathb))
|
||||||
if !filepath.IsAbs(path) {
|
if !filepath.IsAbs(path) {
|
||||||
return "", "", echo.NewHTTPError(http.StatusBadRequest, "Absolute path required.")
|
return "", "", echo.NewHTTPError(http.StatusBadRequest, "Absolute path required.")
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user