mirror of
https://github.com/labstack/echo.git
synced 2024-12-24 20:14:31 +02:00
parent
3673d7fb44
commit
c05db06020
12
echo.go
12
echo.go
@ -45,6 +45,7 @@ import (
|
||||
stdLog "log"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"reflect"
|
||||
@ -434,7 +435,11 @@ func (e *Echo) Static(prefix, root string) {
|
||||
|
||||
func static(i i, prefix, root string) {
|
||||
h := func(c Context) error {
|
||||
name := filepath.Join(root, path.Clean("/"+c.Param("*"))) // "/"+ for security
|
||||
p, err := url.PathUnescape(c.Param("*"))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
name := filepath.Join(root, path.Clean("/"+p)) // "/"+ for security
|
||||
return c.File(name)
|
||||
}
|
||||
i.GET(prefix, h)
|
||||
@ -542,7 +547,10 @@ func (e *Echo) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
// Middleware
|
||||
h := func(c Context) error {
|
||||
method := r.Method
|
||||
path := r.URL.Path
|
||||
path := r.URL.RawPath
|
||||
if path == "" {
|
||||
path = r.URL.Path
|
||||
}
|
||||
e.router.Find(method, path, c)
|
||||
h := c.Handler()
|
||||
for i := len(e.middleware) - 1; i >= 0; i-- {
|
||||
|
11
echo_test.go
11
echo_test.go
@ -304,6 +304,17 @@ func TestEchoRoutes(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestEchoEncodedPath(t *testing.T) {
|
||||
e := New()
|
||||
e.GET("/:id", func(c Context) error {
|
||||
return c.NoContent(http.StatusOK)
|
||||
})
|
||||
req := httptest.NewRequest(GET, "/with%2Fslash", nil)
|
||||
rec := httptest.NewRecorder()
|
||||
e.ServeHTTP(rec, req)
|
||||
assert.Equal(t, http.StatusOK, rec.Code)
|
||||
}
|
||||
|
||||
func TestEchoGroup(t *testing.T) {
|
||||
e := New()
|
||||
buf := new(bytes.Buffer)
|
||||
|
@ -2,6 +2,7 @@ package middleware
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/url"
|
||||
"os"
|
||||
"path"
|
||||
"path/filepath"
|
||||
@ -66,7 +67,7 @@ func StaticWithConfig(config StaticConfig) echo.MiddlewareFunc {
|
||||
}
|
||||
|
||||
return func(next echo.HandlerFunc) echo.HandlerFunc {
|
||||
return func(c echo.Context) error {
|
||||
return func(c echo.Context) (err error) {
|
||||
if config.Skipper(c) {
|
||||
return next(c)
|
||||
}
|
||||
@ -75,6 +76,10 @@ func StaticWithConfig(config StaticConfig) echo.MiddlewareFunc {
|
||||
if strings.HasSuffix(c.Path(), "*") { // When serving from a group, e.g. `/static*`.
|
||||
p = c.Param("*")
|
||||
}
|
||||
p, err = url.PathUnescape(p)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
name := filepath.Join(config.Root, path.Clean("/"+p)) // "/"+ for security
|
||||
|
||||
fi, err := os.Stat(name)
|
||||
|
Loading…
Reference in New Issue
Block a user