diff options
| author | Sven-Hendrik Haase <svenstaro@gmail.com> | 2024-01-28 04:11:29 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-28 04:11:29 +0000 |
| commit | b472f20a3c250b647e81403edb1dac5af47daca8 (patch) | |
| tree | e1afb1141376b58839e03f3b45bad8e672c0d7b3 /src/file_op.rs | |
| parent | Bump deps (diff) | |
| parent | Fix inaccurate uses of `sanitize_path` (diff) | |
| download | miniserve-b472f20a3c250b647e81403edb1dac5af47daca8.tar.gz miniserve-b472f20a3c250b647e81403edb1dac5af47daca8.zip | |
Merge pull request #1327 from cyqsimon/sanitize_path_usage
Fix inaccurate uses of `sanitize_path`
Diffstat (limited to 'src/file_op.rs')
| -rw-r--r-- | src/file_op.rs | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/file_op.rs b/src/file_op.rs index 760b23e..35e56fa 100644 --- a/src/file_op.rs +++ b/src/file_op.rs @@ -152,9 +152,10 @@ async fn handle_multipart( ) })?; - let filename_path = sanitize_path(Path::new(&filename), false).ok_or_else(|| { - ContextualError::InvalidPathError("Invalid file name to upload".to_string()) - })?; + let filename_path = + sanitize_path(Path::new(&filename), allow_hidden_paths).ok_or_else(|| { + ContextualError::InvalidPathError("Invalid file name to upload".to_string()) + })?; // Ensure there are no illegal symlinks in the file upload path if !allow_symlinks { |