diff options
| author | Jonas Diemer <jonasdiemer@gmail.com> | 2022-08-03 11:32:57 +0000 |
|---|---|---|
| committer | Jonas Diemer <jonasdiemer@gmail.com> | 2022-09-18 18:25:13 +0000 |
| commit | e5804835e491b77625541b025669efa5524d8102 (patch) | |
| tree | 08c70ab5fb609ea33d4dd816b714fa4393f90406 /src/file_upload.rs | |
| parent | Switched to use of PathBuf, fixed for subdirs (diff) | |
| download | miniserve-e5804835e491b77625541b025669efa5524d8102.tar.gz miniserve-e5804835e491b77625541b025669efa5524d8102.zip | |
cleaned up code using any()
Diffstat (limited to 'src/file_upload.rs')
| -rw-r--r-- | src/file_upload.rs | 16 |
1 files changed, 5 insertions, 11 deletions
diff --git a/src/file_upload.rs b/src/file_upload.rs index 56112f3..e5f6173 100644 --- a/src/file_upload.rs +++ b/src/file_upload.rs @@ -174,21 +174,15 @@ pub async fn upload_file( // Disallow paths outside of restricted directories // TODO: Probably not the most rust-ic style... - if !conf.restrict_upload_dir.is_empty() { - let mut upload_allowed = false; - for restricted_dir in conf.restrict_upload_dir.iter() { - if upload_path.starts_with(restricted_dir) { - upload_allowed = true; - break; - } - } + let upload_allowed = conf.restrict_upload_dir.is_empty() || + conf.restrict_upload_dir.iter().any(|s| upload_path.starts_with(s)); - if !upload_allowed { - return Err(ContextualError::InvalidPathError("Not allowed to upload to this path".to_string())); - } + if !(upload_allowed) { + return Err(ContextualError::InvalidPathError("Not allowed to upload to this path".to_string())); } + // Disallow the target path to go outside of the served directory // The target directory shouldn't be canonicalized when it gets passed to // handle_multipart so that it can check for symlinks if needed |