index : static-web-server.git

ascending towards madness

author Jose Quintana <joseluisquintana20@gmail.com> 2021-02-12 15:50:42.0 +00:00:00
committer Jose Quintana <joseluisquintana20@gmail.com> 2021-02-12 15:50:42.0 +00:00:00
commit 
a6cca088dde07df7f801a9c571a77a3d4205d0cb [patch]
tree 
ba89a8f6f8143c578df1e15fb4067e3a5fdf90cd
parent 
6551018818e39c1fc437dc11670ffb964d8f5888
download 
a6cca088dde07df7f801a9c571a77a3d4205d0cb.tar.gz

fix: static file path resolving




Diff


 src/staticfile_middleware/staticfile.rs |  9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/staticfile_middleware/staticfile.rs b/src/staticfile_middleware/staticfile.rs
index 61ecb22..f3e9fd4 100644
--- a/src/staticfile_middleware/staticfile.rs
+++ b/src/staticfile_middleware/staticfile.rs
@@ -64,8 +64,10 @@ impl Staticfile {
            res
        };

        let path_resolved = PathBuf::from(helpers::adjust_canonicalization(path_resolved));
        let base_path = if is_assets { &self.assets } else { &self.root };
        let path_resolved = PathBuf::from(helpers::adjust_canonicalization(
            path_resolved.canonicalize()?,
        ));

        // Protect against path/directory traversal
        if !path_resolved.starts_with(&base_path) {
@@ -89,7 +91,10 @@ impl Handler for Staticfile {
        // Resolve path on file system
        let path_resolved = match self.resolve_path(&req.url.path()) {
            Ok(file_path) => file_path,
            Err(_) => return Ok(Response::with(status::NotFound)),
            Err(e) => {
                trace!("{}", e);
                return Ok(Response::with(status::NotFound));
            }
        };

        // 1. Check if "directory listing" feature is enabled,