fix(file): add path cleaning to prevent directory traversal

Clean the path to resolve any ".." components before checking
to enhance security and prevent path traversal vulnerabilities.
```
This commit is contained in:
kingecg 2026-07-11 18:31:11 +08:00
parent 5392c13086
commit ca5515387a
1 changed files with 3 additions and 0 deletions

View File

@ -46,6 +46,9 @@ func (f FileHandler) Open(name string) (http.File, error) {
rPath = filepath.Join(f.Root, strings.TrimPrefix(relatedPath, "/"))
}
// Clean the path to resolve any ".." components before checking
rPath = filepath.Clean(rPath)
// Resolve symlinks and clean path to prevent path traversal
realRoot, err := filepath.EvalSymlinks(f.Root)
if err != nil {