Switched to use of PathBuf, fixed for subdirs

author: Jonas Diemer <jonasdiemer@gmail.com> 2022-08-03 11:02:21 +0000
committer: Jonas Diemer <jonasdiemer@gmail.com> 2022-09-18 18:24:48 +0000
commit: 455abe23d0fd2114f7836694502892990180577d (patch)
tree: 0e20c682fcbfe13a1b7f21a2b175fca4c5172a61 /src/file_upload.rs
parent: Added dependency to -u for --restrict-upload-dir (diff)
download: miniserve-455abe23d0fd2114f7836694502892990180577d.tar.gz
miniserve-455abe23d0fd2114f7836694502892990180577d.zip
1 files changed, 8 insertions, 3 deletions
diff --git a/src/file_upload.rs b/src/file_upload.rs
index 747d0de..56112f3 100644
--- a/src/file_upload.rs
+++ b/src/file_upload.rs
@@ -175,10 +175,15 @@ pub async fn upload_file(
     // Disallow paths outside of restricted directories
     // TODO: Probably not the most rust-ic style...
     if !conf.restrict_upload_dir.is_empty() {
-        let upl_path = upload_path.clone().into_os_string().into_string().unwrap();
+        let mut upload_allowed = false;
+        for restricted_dir in conf.restrict_upload_dir.iter() {            
+            if upload_path.starts_with(restricted_dir) {
+                    upload_allowed = true;
+                    break;
+                }
+            }
 
-        if !(conf.restrict_upload_dir.contains(&upl_path)){
-            // not good
+        if !upload_allowed {
             return Err(ContextualError::InvalidPathError("Not allowed to upload to this path".to_string()));
         }
     }
author	Jonas Diemer <jonasdiemer@gmail.com>	2022-08-03 11:02:21 +0000
committer	Jonas Diemer <jonasdiemer@gmail.com>	2022-09-18 18:24:48 +0000
commit	455abe23d0fd2114f7836694502892990180577d (patch)
tree	0e20c682fcbfe13a1b7f21a2b175fca4c5172a61 /src/file_upload.rs
parent	Added dependency to -u for --restrict-upload-dir (diff)
download	miniserve-455abe23d0fd2114f7836694502892990180577d.tar.gz miniserve-455abe23d0fd2114f7836694502892990180577d.zip