diff options
-rw-r--r-- | src/ninjacloud.go | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/ninjacloud.go b/src/ninjacloud.go index 3e1f3e3..c3e5322 100644 --- a/src/ninjacloud.go +++ b/src/ninjacloud.go | |||
@@ -285,7 +285,9 @@ func listDir(path string, recursive bool, filter []string, returnType string) (l | |||
285 | func fileHandler(w http.ResponseWriter, r *http.Request) { | 285 | func fileHandler(w http.ResponseWriter, r *http.Request) { |
286 | w.Header().Add("Cache-Control", "no-cache") | 286 | w.Header().Add("Cache-Control", "no-cache") |
287 | p := filepath.Clean(r.URL.Path[filePathLen:]) | 287 | p := filepath.Clean(r.URL.Path[filePathLen:]) |
288 | p = strings.TrimLeft(p, driveName+"/") | 288 | p = strings.TrimLeft(p, driveName) |
289 | p = strings.TrimLeft(p, "/") | ||
290 | p = strings.TrimLeft(p, "\\") | ||
289 | if filepath.IsAbs(p) { | 291 | if filepath.IsAbs(p) { |
290 | w.WriteHeader(http.StatusForbidden) | 292 | w.WriteHeader(http.StatusForbidden) |
291 | return | 293 | return |
@@ -465,7 +467,9 @@ func fileHandler(w http.ResponseWriter, r *http.Request) { | |||
465 | func dirHandler(w http.ResponseWriter, r *http.Request) { | 467 | func dirHandler(w http.ResponseWriter, r *http.Request) { |
466 | w.Header().Add("Cache-Control", "no-cache") | 468 | w.Header().Add("Cache-Control", "no-cache") |
467 | p := filepath.Clean(r.URL.Path[dirPathLen:]) | 469 | p := filepath.Clean(r.URL.Path[dirPathLen:]) |
468 | p = strings.TrimLeft(p, driveName+"/") | 470 | p = strings.TrimLeft(p, driveName) |
471 | p = strings.TrimLeft(p, "/") | ||
472 | p = strings.TrimLeft(p, "\\") | ||
469 | if filepath.IsAbs(p) { | 473 | if filepath.IsAbs(p) { |
470 | w.WriteHeader(http.StatusForbidden) | 474 | w.WriteHeader(http.StatusForbidden) |
471 | return | 475 | return |