mirrors/filebrowser
1
0
Fork 0
mirror of https://github.com/filebrowser/filebrowser.git synced 2025-11-26 14:25:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

Copy and cut files

Browse Source
This commit is contained in:
Henrique Dias
2017-07-26 15:55:39 +01:00
parent 1673b9afa3
commit 64e70e39dc
19 changed files with 371 additions and 2547 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
resource.go
View File

@@ -13,11 +13,18 @@ import (
"github.com/hacdias/filemanager/dir"
)
func resourceHandler(c *RequestContext, w http.ResponseWriter, r *http.Request) (int, error) {
r.URL.Path = dir.SlashClean(r.URL.Path)
if !c.User.Allowed(r.URL.Path) {
return http.StatusForbidden, nil
// sanitizeURL sanitizes the URL to prevent path transversal
// using dir.SlashClean and adds the trailing slash bar.
func sanitizeURL(url string) string {
path := dir.SlashClean(url)
if strings.HasSuffix(url, "/") && path != "/" {
return path + "/"
}
return path
}
func resourceHandler(c *RequestContext, w http.ResponseWriter, r *http.Request) (int, error) {
r.URL.Path = sanitizeURL(r.URL.Path)
switch r.Method {
case http.MethodGet: