mirror of https://github.com/labstack/echo.git synced 2025-07-15 01:34:53 +02:00

Enabled security while serving static files

Signed-off-by: Vishal Rana <vr@labstack.com>
Vishal Rana
2017-02-22 14:21:28 -08:00
parent 91d2727522
commit d259f88324
2 changed files with 7 additions and 4 deletions


@ -3,6 +3,7 @@ package middleware
import (
"fmt"
"os"
"path"
"path/filepath"
"strings"
@ -66,11 +67,11 @@ func StaticWithConfig(config StaticConfig) echo.MiddlewareFunc {
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
path := c.Request().URL.Path
p := c.Request().URL.Path
if strings.HasSuffix(c.Path(), "*") { // When serving from a group, e.g. `/static*`.
path = c.Param("*")
p = c.Param("*")
}
name := filepath.Join(config.Root, path)
name := filepath.Join(config.Root, path.Clean("/"+p)) // "/"+ for security
fi, err := os.Stat(name)
if err != nil {