Home Verkennen
Registreren Inloggen
Endevir
/
git-server
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Boom: 1f11c1f71a
Aftakkingen Labels
git-server
/
pkg
/
tool
/
path.go

path.go 726 B
Geschiedenis Ruwe

123456789101112131415161718192021222324 
  1. // Copyright 2018 The Gogs Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a MIT-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. package tool
    6. 

  6. 

  7. import (
    8. 

  8. 	"strings"
    9. 

  9. )
    10. 

  10. 

  11. // IsSameSiteURLPath returns true if the URL path belongs to the same site, false otherwise.
    12. 

  12. // False: //url, http://url, /\url
    13. 

  13. // True: /url
    14. 

  14. func IsSameSiteURLPath(url string) bool {
    15. 

  15. 	return len(url) >= 2 && url[0] == '/' && url[1] != '/' && url[1] != '\\'
    16. 

  16. }
    17. 

  17. 

  18. // SanitizePath sanitizes user-defined file paths to prevent remote code execution.
    19. 

  19. func SanitizePath(path string) string {
    20. 

  20. 	path = strings.TrimLeft(path, "/")
    21. 

  21. 	path = strings.Replace(path, "../", "", -1)
    22. 

  22. 	path = strings.Replace(path, "..\\", "", -1)
    23. 

  23. 	return path
    24. 

  24. }
    25.