From 455abe23d0fd2114f7836694502892990180577d Mon Sep 17 00:00:00 2001
From: Jonas Diemer <jonasdiemer@gmail.com>
Date: Wed, 3 Aug 2022 13:02:21 +0200
Subject: Switched to use of PathBuf, fixed for subdirs

---
 src/file_upload.rs | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'src/file_upload.rs')

diff --git a/src/file_upload.rs b/src/file_upload.rs
index 747d0de..56112f3 100644
--- a/src/file_upload.rs
+++ b/src/file_upload.rs
@@ -175,10 +175,15 @@ pub async fn upload_file(
     // Disallow paths outside of restricted directories
     // TODO: Probably not the most rust-ic style...
     if !conf.restrict_upload_dir.is_empty() {
-        let upl_path = upload_path.clone().into_os_string().into_string().unwrap();
+        let mut upload_allowed = false;
+        for restricted_dir in conf.restrict_upload_dir.iter() {            
+            if upload_path.starts_with(restricted_dir) {
+                    upload_allowed = true;
+                    break;
+                }
+            }
 
-        if !(conf.restrict_upload_dir.contains(&upl_path)){
-            // not good
+        if !upload_allowed {
             return Err(ContextualError::InvalidPathError("Not allowed to upload to this path".to_string()));
         }
     }
-- 
cgit v1.2.3