go-pkg/asynqmon
2
0
Fork 0
mirror of https://github.com/hibiken/asynqmon.git synced 2025-01-31 17:10:11 +08:00
Code Issues Projects Releases Wiki Activity

fix: use platform independent absolute path algorithm

Browse Source 
Fixes issue https://github.com/hibiken/asynqmon/issues/257
This commit is contained in:
Paweł Kierski 2023-04-07 17:20:44 +02:00 committed by GitHub
parent 5c48e4e31d
commit 724e77fc0c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
static.go
View File

@ -29,11 +29,7 @@ type uiAssetsHandler struct {
// serve the file specified by the URL path.
func (h *uiAssetsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Get the absolute path to prevent directory traversal.
path, err := filepath.Abs(r.URL.Path)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
path := filepath.filepath.ToSlash(filepath.Clean(r.URL.Path))
// Get the path relative to the root path.
if !strings.HasPrefix(path, h.rootPath) {