pages/pages-server
1
0
Fork 0
mirror of https://codeberg.org/Codeberg/pages-server.git synced 2025-04-19 11:36:57 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Security Fix: clean paths correctly to avoid circumvention of BlacklistedPaths

Browse source
This commit is contained in:
Moritz Marquardt 2023-08-27 10:13:15 +02:00
parent d720d25e42
commit 56d3e291c4
3 changed files with 72 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
server/context/context.go
View file

@ -48,11 +48,9 @@ func (c *Context) Redirect(uri string, statusCode int) {
http.Redirect(c.RespWriter, c.Req, uri, statusCode)
}
// Path returns requested path.
//
// The returned bytes are valid until your request handler returns.
// Path returns the cleaned requested path.
func (c *Context) Path() string {
return c.Req.URL.Path
return utils.CleanPath(c.Req.URL.Path)
}
func (c *Context) Host() string {