all repos — flounder @ 4b85797053e9433b25d6961b53092975a66c6a45

A small site builder for the Gemini protocol

clean filepaths
alex wennerberg alex@alexwennerberg.com
Sat, 24 Oct 2020 11:29:28 -0700
commit

4b85797053e9433b25d6961b53092975a66c6a45

parent

56777472e76955038796df889db7e26fed227dcb

1 files changed, 3 insertions(+), 2 deletions(-)

jump to
M http.gohttp.go 
@@ -116,6 +116,7 @@ if r.Method == "POST" {
 		authUser := "alex"
 		r.ParseMultipartForm(10 << 20)
 		file, fileHeader, err := r.FormFile("file")
+		fileName := filepath.Clean(fileHeader.Filename)
 		defer file.Close()
 		if err != nil {
 			log.Println(err)

@@ -125,13 +126,13 @@ }
 		var dest []byte
 		file.Read(dest)
 		log.Println("asdfadf")
-		err = checkIfValidFile(fileHeader.Filename, dest)
+		err = checkIfValidFile(fileName, dest)
 		if err != nil {
 			log.Println(err)
 			renderError(w, err.Error(), 400)
 			return
 		}
-		destPath := path.Join(c.FilesDirectory, authUser, fileHeader.Filename)
+		destPath := path.Join(c.FilesDirectory, authUser, fileName)
 
 		f, err := os.OpenFile(destPath, os.O_WRONLY|os.O_CREATE, 0644)
 		if err != nil {