Skip to content

Commit

Permalink
fix path traversal
Browse files Browse the repository at this point in the history
  • Loading branch information
@neolynx
neolynx committed Oct 10, 2024
1 parent ce2966e commit 0403480
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion api/publish.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,9 +43,11 @@ func getSigner(options *SigningOptions) (pgp.Signer, error) {
return signer, nil
}

// Replace '_' with '/' and double '__' with single '_'
// Replace '_' with '/' and double '__' with single '_', remove leading '/', remove '..'
func parseEscapedPath(path string) string {
result := strings.Replace(strings.Replace(path, "_", "/", -1), "//", "_", -1)
result = strings.Replace(result, "..", "", -1)
result = strings.TrimPrefix(result, "/")

Check failure on line 50 in api/publish.go

View workflow job for this annotation

GitHub Actions / lint 

File is not `gofmt`-ed with `-s` (gofmt)
if result == "" {
result = "."
}
Expand Down

0 comments on commit 0403480

Please sign in to comment.