go/echo
go/echo
1
0
Fork 0
mirror of https://github.com/labstack/echo.git synced 2025-01-26 03:20:08 +02:00
Code Issues Releases Activity

Fixed #947, closes #948

Browse Source 
Signed-off-by: Vishal Rana <vr@labstack.com>
This commit is contained in:
Vishal Rana 2017-06-07 08:23:43 -07:00
parent 3673d7fb44
commit c05db06020
3 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
echo.go
View File

@ -45,6 +45,7 @@ import (
stdLog "log" stdLog "log"
"net" "net"
"net/http" "net/http"
"net/url"
"path" "path"
"path/filepath" "path/filepath"
"reflect" "reflect"
@ -434,7 +435,11 @@ func (e *Echo) Static(prefix, root string) {
func static(i i, prefix, root string) { func static(i i, prefix, root string) {
h := func(c Context) error { h := func(c Context) error {
name := filepath.Join(root, path.Clean("/"+c.Param("*"))) // "/"+ for security p, err := url.PathUnescape(c.Param("*"))
if err != nil {
return err
}
name := filepath.Join(root, path.Clean("/"+p)) // "/"+ for security
return c.File(name) return c.File(name)
} }
i.GET(prefix, h) i.GET(prefix, h)
@ -542,7 +547,10 @@ func (e *Echo) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Middleware // Middleware
h := func(c Context) error { h := func(c Context) error {
method := r.Method method := r.Method
path := r.URL.Path path := r.URL.RawPath
if path == "" {
path = r.URL.Path
}
e.router.Find(method, path, c) e.router.Find(method, path, c)
h := c.Handler() h := c.Handler()
for i := len(e.middleware) - 1; i >= 0; i-- { for i := len(e.middleware) - 1; i >= 0; i-- {

11
echo_test.go
View File

@ -304,6 +304,17 @@ func TestEchoRoutes(t *testing.T) {
} }
} }
func TestEchoEncodedPath(t *testing.T) {
e := New()
e.GET("/:id", func(c Context) error {
return c.NoContent(http.StatusOK)
})
req := httptest.NewRequest(GET, "/with%2Fslash", nil)
rec := httptest.NewRecorder()
e.ServeHTTP(rec, req)
assert.Equal(t, http.StatusOK, rec.Code)
}
func TestEchoGroup(t *testing.T) { func TestEchoGroup(t *testing.T) {
e := New() e := New()
buf := new(bytes.Buffer) buf := new(bytes.Buffer)

7
middleware/static.go
View File

@ -2,6 +2,7 @@ package middleware
import ( import (
"fmt" "fmt"
"net/url"
"os" "os"
"path" "path"
"path/filepath" "path/filepath"
@ -66,7 +67,7 @@ func StaticWithConfig(config StaticConfig) echo.MiddlewareFunc {
} }
return func(next echo.HandlerFunc) echo.HandlerFunc { return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error { return func(c echo.Context) (err error) {
if config.Skipper(c) { if config.Skipper(c) {
return next(c) return next(c)
} }
@ -75,6 +76,10 @@ func StaticWithConfig(config StaticConfig) echo.MiddlewareFunc {
if strings.HasSuffix(c.Path(), "*") { // When serving from a group, e.g. `/static*`. if strings.HasSuffix(c.Path(), "*") { // When serving from a group, e.g. `/static*`.
p = c.Param("*") p = c.Param("*")
} }
p, err = url.PathUnescape(p)
if err != nil {
return err
}
name := filepath.Join(config.Root, path.Clean("/"+p)) // "/"+ for security name := filepath.Join(config.Root, path.Clean("/"+p)) // "/"+ for security
fi, err := os.Stat(name) fi, err := os.Stat(name)