diff options
| author | Jonas Diemer <jonasdiemer@gmail.com> | 2022-08-03 11:02:21 +0000 |
|---|---|---|
| committer | Jonas Diemer <jonasdiemer@gmail.com> | 2022-09-18 18:24:48 +0000 |
| commit | 455abe23d0fd2114f7836694502892990180577d (patch) | |
| tree | 0e20c682fcbfe13a1b7f21a2b175fca4c5172a61 /src/file_upload.rs | |
| parent | Added dependency to -u for --restrict-upload-dir (diff) | |
| download | miniserve-455abe23d0fd2114f7836694502892990180577d.tar.gz miniserve-455abe23d0fd2114f7836694502892990180577d.zip | |
Switched to use of PathBuf, fixed for subdirs
Diffstat (limited to 'src/file_upload.rs')
| -rw-r--r-- | src/file_upload.rs | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/file_upload.rs b/src/file_upload.rs index 747d0de..56112f3 100644 --- a/src/file_upload.rs +++ b/src/file_upload.rs @@ -175,10 +175,15 @@ pub async fn upload_file( // Disallow paths outside of restricted directories // TODO: Probably not the most rust-ic style... if !conf.restrict_upload_dir.is_empty() { - let upl_path = upload_path.clone().into_os_string().into_string().unwrap(); + let mut upload_allowed = false; + for restricted_dir in conf.restrict_upload_dir.iter() { + if upload_path.starts_with(restricted_dir) { + upload_allowed = true; + break; + } + } - if !(conf.restrict_upload_dir.contains(&upl_path)){ - // not good + if !upload_allowed { return Err(ContextualError::InvalidPathError("Not allowed to upload to this path".to_string())); } } |