mirror of
https://github.com/imgproxy/imgproxy.git
synced 2025-01-23 11:14:48 +02:00
Validate url format after adding BASE_URL (#97)
This commit is contained in:
parent
d5baaf8b19
commit
7104622843
10
download.go
10
download.go
@ -11,6 +11,7 @@ import (
|
|||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/url"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@ -29,6 +30,7 @@ var (
|
|||||||
errSourceDimensionsTooBig = errors.New("Source image dimensions are too big")
|
errSourceDimensionsTooBig = errors.New("Source image dimensions are too big")
|
||||||
errSourceResolutionTooBig = errors.New("Source image resolution are too big")
|
errSourceResolutionTooBig = errors.New("Source image resolution are too big")
|
||||||
errSourceImageTypeNotSupported = errors.New("Source image type not supported")
|
errSourceImageTypeNotSupported = errors.New("Source image type not supported")
|
||||||
|
errInvalidImageURL = errors.New("Invalid image url")
|
||||||
)
|
)
|
||||||
|
|
||||||
var downloadBufPool = sync.Pool{
|
var downloadBufPool = sync.Pool{
|
||||||
@ -134,9 +136,13 @@ func readAndCheckImage(ctx context.Context, res *http.Response) (context.Context
|
|||||||
}
|
}
|
||||||
|
|
||||||
func downloadImage(ctx context.Context) (context.Context, context.CancelFunc, error) {
|
func downloadImage(ctx context.Context) (context.Context, context.CancelFunc, error) {
|
||||||
url := fmt.Sprintf("%s%s", conf.BaseURL, getImageURL(ctx))
|
imageURL := fmt.Sprintf("%s%s", conf.BaseURL, getImageURL(ctx))
|
||||||
|
|
||||||
res, err := downloadClient.Get(url)
|
if _, urlErr := url.ParseRequestURI(imageURL); urlErr != nil {
|
||||||
|
return ctx, func() {}, errInvalidImageURL
|
||||||
|
}
|
||||||
|
|
||||||
|
res, err := downloadClient.Get(imageURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return ctx, func() {}, err
|
return ctx, func() {}, err
|
||||||
}
|
}
|
||||||
|
@ -11,7 +11,6 @@ import (
|
|||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/url"
|
|
||||||
"regexp"
|
"regexp"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
@ -111,7 +110,6 @@ const (
|
|||||||
var (
|
var (
|
||||||
errInvalidURLEncoding = errors.New("Invalid url encoding")
|
errInvalidURLEncoding = errors.New("Invalid url encoding")
|
||||||
errInvalidPath = errors.New("Invalid path")
|
errInvalidPath = errors.New("Invalid path")
|
||||||
errInvalidImageURL = errors.New("Invalid image url")
|
|
||||||
errResultingImageFormatIsNotSupported = errors.New("Resulting image format is not supported")
|
errResultingImageFormatIsNotSupported = errors.New("Resulting image format is not supported")
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -656,10 +654,6 @@ func parsePath(ctx context.Context, rctx *fasthttp.RequestCtx) (context.Context,
|
|||||||
return ctx, err
|
return ctx, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if _, err = url.ParseRequestURI(imageURL); err != nil {
|
|
||||||
return ctx, errInvalidImageURL
|
|
||||||
}
|
|
||||||
|
|
||||||
ctx = context.WithValue(ctx, imageURLCtxKey, imageURL)
|
ctx = context.WithValue(ctx, imageURLCtxKey, imageURL)
|
||||||
ctx = context.WithValue(ctx, processingOptionsCtxKey, po)
|
ctx = context.WithValue(ctx, processingOptionsCtxKey, po)
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user