From e22451dfbfae46d54258801b50e06065a81be6d9 Mon Sep 17 00:00:00 2001
From: Laurynas Gadliauskas
Date: Fri, 24 Feb 2023 14:04:29 +0200
Subject: [PATCH] fix: list symlinks with abs targets (#37)
---
 http/resource.go | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/http/resource.go b/http/resource.go
index 1886e777..304c9ad3 100644
--- a/http/resource.go
+++ b/http/resource.go
@@ -84,14 +84,12 @@ var resourceGetHandler = withUser(func(w http.ResponseWriter, r *http.Request, d
 // remove symlinks that link outside base path
 if fi.IsSymlink {
- var fullLinkTarget string
- if filepath.IsAbs(fi.Link) {
- fullLinkTarget = fi.Link
- } else {
- fullLinkTarget = filepath.Join(d.user.FullPath(file.Path), fi.Link)
+ link := fi.Link
+ if !filepath.IsAbs(link) {
+ link = filepath.Join(d.user.FullPath(file.Path), link)
 }
- scopedLinkTarget := d.user.FullPath(filepath.Join(file.Path, fi.Link))
- if fullLinkTarget != scopedLinkTarget {
+ link = filepath.Clean(link)
+ if !strings.HasPrefix(link, d.server.Root) {
 return false
 }
 }
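Review bot: The new containment test `strings.HasPrefix(link, d.server.Root)` compares strings rather than path components, so with a root such as `/srv/files` (constructed example) a target under `/srv/files-backup` also passes and the symlink stays in the listing. Compare on a path boundary instead, e.g. `rel, err := filepath.Rel(d.server.Root, link)` followed by `if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) { return false }`. The check is also now made against the server root, where the removed comparison used `d.user.FullPath(...)`; if user scopes are subdirectories of the root, a link into another user's area would pass, which is worth confirming because the rest of the handler is outside the hunk. Finally, `filepath.Clean` is lexical only, so a target that itself passes through another symlink is not resolved; `filepath.EvalSymlinks` on both the target and the root would be needed before comparing.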