diff options
author | Matt Holt <mholt@users.noreply.github.com> | 2022-08-16 08:48:57 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-16 08:48:57 -0600 |
commit | a479943acd70068c4b80d3a8f4b8dd7ab93ca2ba (patch) | |
tree | f50a45b3b0c8c8475b783583967c1175f5e6673c /modules/caddyhttp/fileserver | |
parent | dc62d468e9645f52a5e1b4f6093dff65137ab3fe (diff) |
caddyhttp: Smarter path matching and rewriting (#4948)
Co-authored-by: RussellLuo <luopeng.he@gmail.com>
Diffstat (limited to 'modules/caddyhttp/fileserver')
-rw-r--r-- | modules/caddyhttp/fileserver/staticfiles.go | 12 |
1 files changed, 1 insertions, 11 deletions
diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index a745d5a..554f8d3 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -23,7 +23,6 @@ import ( weakrand "math/rand" "mime" "net/http" - "net/url" "os" "path" "path/filepath" @@ -236,16 +235,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c filesToHide := fsrv.transformHidePaths(repl) root := repl.ReplaceAll(fsrv.Root, ".") - // PathUnescape returns an error if the escapes aren't well-formed, - // meaning the count % matches the RFC. Return early if the escape is - // improper. - if _, err := url.PathUnescape(r.URL.Path); err != nil { - fsrv.logger.Debug("improper path escape", - zap.String("site_root", root), - zap.String("request_path", r.URL.Path), - zap.Error(err)) - return err - } + filename := caddyhttp.SanitizedPathJoin(root, r.URL.Path) fsrv.logger.Debug("sanitized path join", |