sjs/agate
1
0
Fork 0
mirror of https://github.com/samsonjs/agate.git synced 2026-03-25 09:05:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

only check path segments in URL

Browse source 
This will only check path segments specified in the request URL and not
path segments that are part of the path specified on the command line.

Otherwise if the content directory was (in) a hidden directory, or specified
with a relative path containing "." or ".." segments, nothing would be served.
This commit is contained in:
Johann150 2021-01-16 13:22:56 +01:00 committed by Matt Brubeck
parent 972ecf8c13
commit 4e7d09204f
1 changed files with 5 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
src/main.rs
View file

@ -178,20 +178,15 @@ async fn send_response(url: Url, stream: &mut TlsStream<TcpStream>) -> Result {
let mut path = std::path::PathBuf::from(&ARGS.content_dir);
if let Some(segments) = url.path_segments() {
for segment in segments {
if !ARGS.serve_secret && segment.starts_with('.') {
// Do not serve anything that looks like a hidden file.
return send_header(stream, 52, &["If I told you, it would not be a secret."])
.await;
}
path.push(&*percent_decode_str(segment).decode_utf8()?);
}
}
// Do not serve anything that looks like a hidden file.
if !ARGS.serve_secret
&& path
.iter()
.filter_map(|component| component.to_str())
.any(|component| component.starts_with("."))
{
return send_header(stream, 52, &["If I told you, it would not be a secret."]).await;
}
if let Ok(metadata) = tokio::fs::metadata(&path).await {
if metadata.is_dir() {
if url.path().ends_with('/') || url.path().is_empty() {