File tree Expand file tree Collapse file tree 1 file changed +6
-3
lines changed
Expand file tree Collapse file tree 1 file changed +6
-3
lines changed Original file line number Diff line number Diff line change @@ -5,10 +5,10 @@ import (
55 "bytes"
66 "compress/gzip"
77 "context"
8- "io"
98 "net/http"
109 "os"
1110 "os/exec"
11+ "path/filepath"
1212 "strconv"
1313 "strings"
1414
@@ -100,7 +100,11 @@ func (s *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
100100
101101 // os.Root only accepts relative paths from it's root. So we trim the
102102 // prefix.
103- relDir := strings .TrimPrefix (dir , s .RootFS .Name ()+ string (os .PathSeparator ))
103+ relDir , err := filepath .Rel (dir , s .RootFS .Name ())
104+ if err != nil {
105+ http .Error (w , "invalid path specified: " + err .Error (), http .StatusBadRequest )
106+ return
107+ }
104108 if _ , err = s .RootFS .Stat (relDir ); os .IsNotExist (err ) {
105109 http .Error (w , "repository not found" , http .StatusNotFound )
106110 return
@@ -112,7 +116,6 @@ func (s *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
112116 body := r .Body
113117 defer body .Close ()
114118
115- // TODO(@evict) max filereader
116119 if r .Header .Get ("Content-Encoding" ) == "gzip" {
117120 gzipReader , err := gzip .NewReader (body )
118121 if err != nil {
You can’t perform that action at this time.
0 commit comments