Diffstat (limited to '')
-rw-r--r-- | src/file_upload.rs | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/file_upload.rs b/src/file_upload.rs index 4d4f225..0232c7e 100644 --- a/src/file_upload.rs +++ b/src/file_upload.rs @@ -171,17 +171,19 @@ pub async fn upload_file( ContextualError::IoError("Failed to resolve path served by miniserve".to_string(), e) })?; - // Disallow paths outside of allowed directories - let upload_allowed = conf.allowed_upload_dir.is_empty() || - conf.allowed_upload_dir.iter().any(|s| upload_path.starts_with(s)); + let upload_allowed = conf.allowed_upload_dir.is_empty() + || conf + .allowed_upload_dir + .iter() + .any(|s| upload_path.starts_with(s)); if !upload_allowed { - return Err(ContextualError::InvalidPathError("Not allowed to upload to this path".to_string())); + return Err(ContextualError::InvalidPathError( + "Not allowed to upload to this path".to_string(), + )); } - - // Disallow the target path to go outside of the served directory // The target directory shouldn't be canonicalized when it gets passed to // handle_multipart so that it can check for symlinks if needed |
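Review bot: The reformatted `upload_allowed` check loses its explanatory comment (`// Disallow paths outside of allowed directories`), so the one authorization decision in this hunk is now undocumented while the comment block after it is kept. I would restore a comment above the `let` that also records the fail-open case visible in the condition: `// Reject uploads outside conf.allowed_upload_dir; an empty list means uploads are allowed anywhere.` The types are not visible here, so it is worth confirming that `upload_path` and the `allowed_upload_dir` entries are both canonicalized `Path` values: `Path::starts_with` compares whole components, whereas a string prefix test would also accept a sibling directory that merely shares the prefix. The body of `upload_file` starts and continues outside this hunk.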