all repos — flounder @ 6255fb0a574a20fcb1fe198dd3f8ac9563b46123

A small site builder for the Gemini protocol

Add limits to sftp upload
alex wennerberg alex@alexwennerberg.com
Sat, 27 Feb 2021 10:07:26 -0800
commit

6255fb0a574a20fcb1fe198dd3f8ac9563b46123

parent

ea5e67c4e14bd7fc12d4a64118252a2dbc3a1abb

1 files changed, 10 insertions(+), 2 deletions(-)

jump to
M sftp.gosftp.go 
@@ -37,10 +37,14 @@ }
 	return f, nil
 }
 
-func (con *Connection) Filewrite(request *sftp.Request) (io.WriterAt, error) {
+func (conn *Connection) Filewrite(request *sftp.Request) (io.WriterAt, error) {
 	// check user perms -- cant write others files
-	userDir := getUserDirectory(con.User) // NOTE -- not cross platform
+	userDir := getUserDirectory(conn.User) // NOTE -- not cross platform
 	fullpath := path.Join(userDir, filepath.Clean(request.Filepath))
+	err := checkIfValidFile(conn.User, fullpath, []byte{})
+	if err != nil {
+		return nil, err
+	}
 	f, err := os.OpenFile(fullpath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0666)
 	if err != nil {
 		return nil, err

@@ -84,6 +88,10 @@ err = os.Remove(fullpath)
 	case "Mkdir":
 		err = os.Mkdir(fullpath, 0755)
 	case "Rename":
+		err := checkIfValidFile(conn.User, targetPath, []byte{})
+		if err != nil {
+			return err
+		}
 		err = os.Rename(fullpath, targetPath)
 	}
 	if err != nil {