1
Fork 0
mirror of https://github.com/jech/galene.git synced 2024-11-09 02:05:59 +01:00

Clean up path handling in webserver.

This commit is contained in:
Juliusz Chroboczek 2021-02-07 01:42:31 +01:00
parent c4e26b65b7
commit 8f89ac0bcf
2 changed files with 43 additions and 9 deletions

View file

@ -242,20 +242,23 @@ func serveFile(w http.ResponseWriter, r *http.Request, p string) {
http.ServeContent(w, r, fi.Name(), fi.ModTime(), f) http.ServeContent(w, r, fi.Name(), fi.ModTime(), f)
} }
func parseGroupName(path string) string { func parseGroupName(prefix string, p string) string {
if !strings.HasPrefix(path, "/group/") { if !strings.HasPrefix(p, prefix) {
return "" return ""
} }
name := path[len("/group/"):] name := p[len("/group/"):]
if name == "" { if name == "" {
return "" return ""
} }
if name[len(name)-1] == '/' { if filepath.Separator != '/' &&
name = name[:len(name)-1] strings.ContainsRune(name, filepath.Separator) {
return ""
} }
return name
name = path.Clean("/" + name)
return name[1:]
} }
func groupHandler(w http.ResponseWriter, r *http.Request) { func groupHandler(w http.ResponseWriter, r *http.Request) {
@ -264,14 +267,14 @@ func groupHandler(w http.ResponseWriter, r *http.Request) {
} }
mungeHeader(w) mungeHeader(w)
name := parseGroupName(r.URL.Path) name := parseGroupName("/group/", r.URL.Path)
if name == "" { if name == "" {
notFound(w) notFound(w)
return return
} }
if strings.HasSuffix(r.URL.Path, "/") { if r.URL.Path != "/group/" + name {
http.Redirect(w, r, r.URL.Path[:len(r.URL.Path)-1], http.Redirect(w, r, "/group/" + name,
http.StatusPermanentRedirect) http.StatusPermanentRedirect)
return return
} }

View file

@ -0,0 +1,31 @@
package webserver
import (
"testing"
)
func TestParseGroupName(t *testing.T) {
a := []struct{ p, g string }{
{"", ""},
{"/foo", ""},
{"foo", ""},
{"group/foo", ""},
{"/group", ""},
{"/group/..", ""},
{"/group/foo/../bar", "bar"},
{"/group/foo", "foo"},
{"/group/foo/", "foo"},
{"/group/foo/bar", "foo/bar"},
{"/group/foo/bar/", "foo/bar"},
}
for _, pg := range a {
t.Run(pg.p, func(t *testing.T) {
g := parseGroupName("/group/", pg.p)
if g != pg.g {
t.Errorf("Path %v, got %v, expected %v",
pg.p, g, pg.g)
}
})
}
}