all repos — flounder @ aab409b8e765ec76e2ac91194a57f3734d81b1fe

A small site builder for the Gemini protocol

check mimetype on edit file
alex wennerberg alex@alexwennerberg.com
Thu, 29 Oct 2020 18:25:16 -0700
commit

aab409b8e765ec76e2ac91194a57f3734d81b1fe

parent

1dc7bca96c49c3edf181006277ec8baa5134e3e2

1 files changed, 6 insertions(+), 0 deletions(-)

M http.gohttp.go

@@ -13,6 +13,7 @@ "html/template"

"io"
"io/ioutil"
"log"
+ "mime"
"net/http"
"os"
"path"

@@ -82,6 +83,11 @@ renderError(w, "403: Forbidden", 403)

return
}
fileName := filepath.Clean(r.URL.Path[len("/edit/"):])
+ isText := strings.HasPrefix(mime.TypeByExtension(path.Ext(fileName)), "text")
+ if !isText {
+ renderError(w, "Not a text file", 400) // correct status code?
+ return
+ }
filePath := path.Join(c.FilesDirectory, authUser, fileName)
if r.Method == "GET" {
err := checkIfValidFile(filePath, nil)
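Review bot: The new `isText` check decides from the file name alone, so it does not show that the content is text, and `mime.TypeByExtension` returns an empty string for names without an extension or with one missing from Go's built-in table and the host's mime.types files. On a Gemini site that probably means `.gmi` files are refused on some hosts unless the type is registered elsewhere; I would add `mime.AddExtensionType(".gmi", "text/gemini")` at startup and match on `"text/"` rather than `"text"`. Any limit on what bytes a POST may write still has to come from `checkIfValidFile`, which this hunk only shows on the GET path. For the open question in the comment, 415 Unsupported Media Type would describe this rejection more precisely than 400. The handler's body starts and ends outside the hunk.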