diff options
| author | Sven-Hendrik Haase <svenstaro@gmail.com> | 2023-09-24 11:21:29 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-09-24 11:21:29 +0000 |
| commit | fa15976c1b4b070ad1bb8cecff23b7d571959852 (patch) | |
| tree | 8a6e756e84f4d301d0829db5cd3976d888030215 /src/config.rs | |
| parent | Merge pull request #1237 from svenstaro/fix-ci (diff) | |
| parent | Fix clippy complaints (diff) | |
| download | miniserve-fa15976c1b4b070ad1bb8cecff23b7d571959852.tar.gz miniserve-fa15976c1b4b070ad1bb8cecff23b7d571959852.zip | |
Merge pull request #1228 from cyqsimon/upload-refactor
Minor refactor on upload code
Diffstat (limited to 'src/config.rs')
| -rw-r--r-- | src/config.rs | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/src/config.rs b/src/config.rs index 1b5e07f..8a8a876 100644 --- a/src/config.rs +++ b/src/config.rs @@ -16,7 +16,7 @@ use rustls_pemfile as pemfile; use crate::{ args::{parse_auth, CliArgs, MediaType}, auth::RequiredAuth, - file_upload::sanitize_path, + file_utils::sanitize_path, renderer::ThemeSlug, }; @@ -252,6 +252,21 @@ impl MiniserveConfig { }) }); + let allowed_upload_dir = args + .allowed_upload_dir + .as_ref() + .map(|v| { + v.iter() + .map(|p| { + sanitize_path(p, false) + .map(|p| p.display().to_string().replace('\\', "/")) + .ok_or(anyhow!("Illegal path {p:?}: upward traversal not allowed")) + }) + .collect() + }) + .transpose()? + .unwrap_or_default(); + Ok(MiniserveConfig { verbose: args.verbose, path: args.path.unwrap_or_else(|| PathBuf::from(".")), @@ -273,18 +288,7 @@ impl MiniserveConfig { show_qrcode: args.qrcode, mkdir_enabled: args.mkdir_enabled, file_upload: args.allowed_upload_dir.is_some(), - allowed_upload_dir: args - .allowed_upload_dir - .unwrap_or_default() - .iter() - .map(|x| { - sanitize_path(x, false) - .unwrap() - .to_str() - .unwrap() - .replace('\\', "/") - }) - .collect(), + allowed_upload_dir, uploadable_media_type, tar_enabled: args.enable_tar, tar_gz_enabled: args.enable_tar_gz, |