Home Explore
Register Sign In
Endevir
/
git-server
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e70e72e025
Branches Tags
git-server
/
pkg
/
tool
/
path.go

path.go 680 B
History Raw

1234567891011121314151617181920212223 
  1. // Copyright 2018 The Gogs Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a MIT-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. package tool
    6. 

  6. 

  7. import (
    8. 

  8. 	"strings"
    9. 

  9. )
    10. 

  10. 

  11. // IsSameSiteURLPath returns true if the URL path belongs to the same site, false otherwise.
    12. 

  12. // False: //url, http://url, /\url
    13. 

  13. // True: /url
    14. 

  14. func IsSameSiteURLPath(url string) bool {
    15. 

  15. 	return len(url) >= 2 && url[0] == '/' && url[1] != '/' && url[1] != '\\'
    16. 

  16. }
    17. 

  17. 

  18. // SanitizePath sanitizes user-defined file paths to prevent remote code execution.
    19. 

  19. func SanitizePath(path string) string {
    20. 

  20. 	path = strings.TrimLeft(path, "/")
    21. 

  21. 	path = strings.Replace(path, "../", "", -1)
    22. 

  22. 	return path
    23. 

  23. }
    24.