summaryrefslogtreecommitdiff
path: root/modules/caddyhttp/fileserver/browse.go
diff options
context:
space:
mode:
Diffstat (limited to 'modules/caddyhttp/fileserver/browse.go')
-rw-r--r--modules/caddyhttp/fileserver/browse.go4
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go
index e1a0894..7cb6e40 100644
--- a/modules/caddyhttp/fileserver/browse.go
+++ b/modules/caddyhttp/fileserver/browse.go
@@ -82,8 +82,8 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter,
repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer)
- // calling path.Clean here prevents weird breadcrumbs when URL paths are sketchy like /%2e%2e%2f
- listing, err := fsrv.loadDirectoryContents(r.Context(), dir.(fs.ReadDirFile), root, path.Clean(r.URL.Path), repl)
+ // TODO: not entirely sure if path.Clean() is necessary here but seems like a safe plan (i.e. /%2e%2e%2f) - someone could verify this
+ listing, err := fsrv.loadDirectoryContents(r.Context(), dir.(fs.ReadDirFile), root, path.Clean(r.URL.EscapedPath()), repl)
switch {
case os.IsPermission(err):
return caddyhttp.Error(http.StatusForbidden, err)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 19:28:06 +0000