diff options
| author | Unknwon <u@gogs.io> | 2018-12-18 01:38:08 -0500 |
|---|---|---|
| committer | Unknwon <u@gogs.io> | 2018-12-18 01:38:08 -0500 |
| commit | ff93d9dbda5cebe90d86e4b7dfb2c6b8642970ce (patch) | |
| tree | ab40d87ca0b61ebbc47da72bd6b87f1bad17100c /pkg/tool/path.go | |
| parent | 86ada875296eb81ffd902f976eedee9ea0f19859 (diff) | |
pkg/tool: improve SanitizePath (#5558)
Diffstat (limited to 'pkg/tool/path.go')
| -rw-r--r-- | pkg/tool/path.go | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/tool/path.go b/pkg/tool/path.go index 3c0d2d02..528db86d 100644 --- a/pkg/tool/path.go +++ b/pkg/tool/path.go @@ -17,5 +17,7 @@ func IsSameSiteURLPath(url string) bool { // SanitizePath sanitizes user-defined file paths to prevent remote code execution. func SanitizePath(path string) string { - return strings.TrimLeft(path, "./") + path = strings.TrimLeft(path, "/") + path = strings.Replace(path, "../", "", -1) + return path } |