diff options
| -rw-r--r-- | pkg/tool/path.go | 1 | ||||
| -rw-r--r-- | pkg/tool/path_test.go | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/pkg/tool/path.go b/pkg/tool/path.go index 528db86d..e8f7bcbe 100644 --- a/pkg/tool/path.go +++ b/pkg/tool/path.go @@ -19,5 +19,6 @@ func IsSameSiteURLPath(url string) bool { func SanitizePath(path string) string { path = strings.TrimLeft(path, "/") path = strings.Replace(path, "../", "", -1) + path = strings.Replace(path, "..\\", "", -1) return path } diff --git a/pkg/tool/path_test.go b/pkg/tool/path_test.go index 9f3441b1..d9b9fb21 100644 --- a/pkg/tool/path_test.go +++ b/pkg/tool/path_test.go @@ -39,8 +39,11 @@ func Test_SanitizePath(t *testing.T) { }{ {"../../../../../../../../../data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8", "data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8"}, {"data/gogs/../../../../../../../../../data/sessions/a/9/a9f0ab6c3ef63dd8", "data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8"}, + {"..\\..\\..\\..\\..\\..\\..\\..\\..\\data\\gogs\\data\\sessions\\a\\9\\a9f0ab6c3ef63dd8", "data\\gogs\\data\\sessions\\a\\9\\a9f0ab6c3ef63dd8"}, + {"data\\gogs\\..\\..\\..\\..\\..\\..\\..\\..\\..\\data\\sessions\\a\\9\\a9f0ab6c3ef63dd8", "data\\gogs\\data\\sessions\\a\\9\\a9f0ab6c3ef63dd8"}, {"data/sessions/a/9/a9f0ab6c3ef63dd8", "data/sessions/a/9/a9f0ab6c3ef63dd8"}, + {"data\\sessions\\a\\9\\a9f0ab6c3ef63dd8", "data\\sessions\\a\\9\\a9f0ab6c3ef63dd8"}, } for _, tc := range testCases { So(SanitizePath(tc.path), ShouldEqual, tc.expect) |