diff options
| -rw-r--r-- | src/config.rs | 4 | ||||
| -rw-r--r-- | src/file_op.rs | 7 |
2 files changed, 6 insertions, 5 deletions
diff --git a/src/config.rs b/src/config.rs index 6e4a1eb..43414b2 100644 --- a/src/config.rs +++ b/src/config.rs @@ -266,9 +266,9 @@ impl MiniserveConfig { .map(|v| { v.iter() .map(|p| { - sanitize_path(p, false) + sanitize_path(p, args.hidden) .map(|p| p.display().to_string().replace('\\', "/")) - .ok_or(anyhow!("Illegal path {p:?}: upward traversal not allowed")) + .ok_or(anyhow!("Illegal path {p:?}")) }) .collect() }) diff --git a/src/file_op.rs b/src/file_op.rs index 760b23e..35e56fa 100644 --- a/src/file_op.rs +++ b/src/file_op.rs @@ -152,9 +152,10 @@ async fn handle_multipart( ) })?; - let filename_path = sanitize_path(Path::new(&filename), false).ok_or_else(|| { - ContextualError::InvalidPathError("Invalid file name to upload".to_string()) - })?; + let filename_path = + sanitize_path(Path::new(&filename), allow_hidden_paths).ok_or_else(|| { + ContextualError::InvalidPathError("Invalid file name to upload".to_string()) + })?; // Ensure there are no illegal symlinks in the file upload path if !allow_symlinks { |