internal: move packages under this directory (#5836)

* Rename pkg -> internal * Rename routes -> route * Move route -> internal/route * Rename models -> db * Move db -> internal/db * Fix route2 -> route * Move cmd -> internal/cmd * Bump version
author: Unknwon <u@gogs.io> 2019-10-24 01:51:46 -0700
committer: GitHub <noreply@github.com> 2019-10-24 01:51:46 -0700
commit: 01c8df01ec0608f1f25b2f1444adabb98fa5ee8a (patch)
tree: f8a7e5dd8d2a8c51e1ce2cabb9d33571a93314dd /internal/tool/path.go
parent: 613139e7bef81d3573e7988a47eb6765f3de347a (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/internal/tool/path.go b/internal/tool/path.go
new file mode 100644
index 00000000..e95bba8b
--- /dev/null
+++ b/internal/tool/path.go
@@ -0,0 +1,23 @@
+// Copyright 2018 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package tool
+
+import (
+	"path/filepath"
+	"strings"
+)
+
+// IsSameSiteURLPath returns true if the URL path belongs to the same site, false otherwise.
+// False: //url, http://url, /\url
+// True: /url
+func IsSameSiteURLPath(url string) bool {
+	return len(url) >= 2 && url[0] == '/' && url[1] != '/' && url[1] != '\\'
+}
+
+// IsMaliciousPath returns true if given path is an absolute path or contains malicious content
+// which has potential to traverse upper level directories.
+func IsMaliciousPath(path string) bool {
+	return filepath.IsAbs(path) || strings.Contains(path, "..")
+}
author	Unknwon <u@gogs.io>	2019-10-24 01:51:46 -0700
committer	GitHub <noreply@github.com>	2019-10-24 01:51:46 -0700
commit	01c8df01ec0608f1f25b2f1444adabb98fa5ee8a (patch)
tree	f8a7e5dd8d2a8c51e1ce2cabb9d33571a93314dd /internal/tool/path.go
parent	613139e7bef81d3573e7988a47eb6765f3de347a (diff)