```
fix(file): add path cleaning to prevent directory traversal Clean the path to resolve any ".." components before checking to enhance security and prevent path traversal vulnerabilities. ```
This commit is contained in:
parent
5392c13086
commit
ca5515387a
|
|
@ -46,6 +46,9 @@ func (f FileHandler) Open(name string) (http.File, error) {
|
|||
rPath = filepath.Join(f.Root, strings.TrimPrefix(relatedPath, "/"))
|
||||
}
|
||||
|
||||
// Clean the path to resolve any ".." components before checking
|
||||
rPath = filepath.Clean(rPath)
|
||||
|
||||
// Resolve symlinks and clean path to prevent path traversal
|
||||
realRoot, err := filepath.EvalSymlinks(f.Root)
|
||||
if err != nil {
|
||||
|
|
|
|||
Loading…
Reference in New Issue