Diffstat (limited to 'pkg/tool/path.go')
-rw-r--r-- | pkg/tool/path.go | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/tool/path.go b/pkg/tool/path.go
index 3c0d2d02..528db86d 100644
--- a/pkg/tool/path.go
+++ b/pkg/tool/path.go
@@ -17,5 +17,7 @@ func IsSameSiteURLPath(url string) bool {
 // SanitizePath sanitizes user-defined file paths to prevent remote code execution.
 func SanitizePath(path string) string {
- return strings.TrimLeft(path, "./")
+ path = strings.TrimLeft(path, "/")
+ path = strings.Replace(path, "../", "", -1)
+ return path
 } |
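Review bot: The `strings.Replace(path, "../", "", -1)` call in SanitizePath makes a single pass, so removing one `../` can splice the surrounding characters into a new `../`, and because the leading-slash trim runs before it the result can begin with `/` again; a bare trailing `..` and backslash separators are not touched either. Normalising against a root is sturdier than deleting substrings: `return strings.TrimLeft(filepath.ToSlash(filepath.Clean("/"+path)), "/")` (this needs `path/filepath` imported, which the hunk does not show). Callers that join the result onto a base directory should still confirm that the final path stays under that base. A table-driven test covering nested and mixed-separator inputs would pin the behaviour.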