
Fixed path cleaning algorithm

tobychui 7 months ago
parent
commit
785fb467b3
2 changed files with 4 additions and 2 deletions
  1. 1 1
      main.go
  2. 3 1
      mod/webserv/filemanager/filemanager.go

+ 1 - 1
main.go

@@ -117,7 +117,7 @@ func SetupCloseHandler() {
 
 func ShutdownSeq() {
 	SystemWideLogger.Println("Shutting down " + name)
-	//SystemWideLogger.Println("Closing GeoDB ")
+	//SystemWideLogger.Println("Closing GeoDB")
 	//geodbStore.Close()
 	SystemWideLogger.Println("Closing Netstats Listener")
 	netstatBuffers.Close()

+ 3 - 1
mod/webserv/filemanager/filemanager.go

@@ -44,7 +44,9 @@ func (fm *FileManager) HandleList(w http.ResponseWriter, r *http.Request) {
 
 	// Clean path to prevent path escape #274
 	targetDir = filepath.ToSlash(filepath.Clean(targetDir))
-	targetDir = strings.ReplaceAll(targetDir, "../", "")
+	for strings.Contains(targetDir, "../") {
+		targetDir = strings.ReplaceAll(targetDir, "../", "")
+	}
 
 	// Open the target directory
 	dirEntries, err := os.ReadDir(targetDir)
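Review bot: The new loop before `os.ReadDir(targetDir)` removes only the substring `../`, so a cleaned value that is exactly `..` or ends in `/..` passes through unchanged, and stripping `../` from `../..` itself leaves `..`. After `filepath.Clean` and `filepath.ToSlash`, any remaining parent reference in a relative path sits at the front, so rejecting is more reliable than rewriting: `if targetDir == ".." || strings.HasPrefix(targetDir, "../") { http.Error(w, "invalid path", http.StatusBadRequest); return }`. If `targetDir` is built from a served root earlier in `HandleList` (the function starts and ends outside this hunk, so that is not visible here), the containment check should be made against that root instead, for example with `filepath.Rel` on the joined path, rejecting results that begin with `..`. Absolute inputs are not touched by this cleaning either and would need the same root check.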