diff options
| author | cyqsimon <28627918+cyqsimon@users.noreply.github.com> | 2024-01-26 05:13:21 +0000 |
|---|---|---|
| committer | cyqsimon <28627918+cyqsimon@users.noreply.github.com> | 2024-01-26 05:13:21 +0000 |
| commit | 2fe13fbddb403469dc3260b2ff6c84ec5fc153c7 (patch) | |
| tree | e1afb1141376b58839e03f3b45bad8e672c0d7b3 /src/file_op.rs | |
| parent | Bump deps (diff) | |
| download | miniserve-2fe13fbddb403469dc3260b2ff6c84ec5fc153c7.tar.gz miniserve-2fe13fbddb403469dc3260b2ff6c84ec5fc153c7.zip | |
Fix inaccurate uses of `sanitize_path`
Diffstat (limited to 'src/file_op.rs')
| -rw-r--r-- | src/file_op.rs | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/file_op.rs b/src/file_op.rs index 760b23e..35e56fa 100644 --- a/src/file_op.rs +++ b/src/file_op.rs @@ -152,9 +152,10 @@ async fn handle_multipart( ) })?; - let filename_path = sanitize_path(Path::new(&filename), false).ok_or_else(|| { - ContextualError::InvalidPathError("Invalid file name to upload".to_string()) - })?; + let filename_path = + sanitize_path(Path::new(&filename), allow_hidden_paths).ok_or_else(|| { + ContextualError::InvalidPathError("Invalid file name to upload".to_string()) + })?; // Ensure there are no illegal symlinks in the file upload path if !allow_symlinks { |