diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/ninjacloud.go | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/src/ninjacloud.go b/src/ninjacloud.go index 9ec2962..cb99446 100644 --- a/src/ninjacloud.go +++ b/src/ninjacloud.go | |||
@@ -9,6 +9,7 @@ import ( | |||
9 | "net/http" | 9 | "net/http" |
10 | "os" | 10 | "os" |
11 | "path/filepath" | 11 | "path/filepath" |
12 | "runtime" | ||
12 | ) | 13 | ) |
13 | 14 | ||
14 | const APP_NAME = "Ninja Go Local Cloud" | 15 | const APP_NAME = "Ninja Go Local Cloud" |
@@ -160,11 +161,20 @@ func copyDir(source string, dest string) (err error) { | |||
160 | 161 | ||
161 | //////// REQUEST HANDLERS | 162 | //////// REQUEST HANDLERS |
162 | 163 | ||
164 | func osPath(p string) string { | ||
165 | filepath.Clean(p) | ||
166 | if runtime.GOOS == "windows" { | ||
167 | p = p[:1] + ":" + p[1:] | ||
168 | } else { | ||
169 | p = "/" + p | ||
170 | } | ||
171 | return p | ||
172 | } | ||
173 | |||
163 | //// File APIs | 174 | //// File APIs |
164 | 175 | ||
165 | func fileHandler(w http.ResponseWriter, r *http.Request) { | 176 | func fileHandler(w http.ResponseWriter, r *http.Request) { |
166 | p := r.URL.Path[filePathLen:] | 177 | p := osPath(r.URL.Path[filePathLen:]) |
167 | filepath.Clean(p) | ||
168 | if !isInRoot(p) { | 178 | if !isInRoot(p) { |
169 | w.WriteHeader(http.StatusForbidden) | 179 | w.WriteHeader(http.StatusForbidden) |
170 | return | 180 | return |
@@ -277,8 +287,7 @@ func fileHandler(w http.ResponseWriter, r *http.Request) { | |||
277 | //// Directory APIs | 287 | //// Directory APIs |
278 | 288 | ||
279 | func dirHandler(w http.ResponseWriter, r *http.Request) { | 289 | func dirHandler(w http.ResponseWriter, r *http.Request) { |
280 | p := r.URL.Path[dirPathLen:] | 290 | p := osPath(r.URL.Path[dirPathLen:]) |
281 | filepath.Clean(p) | ||
282 | if !isInRoot(p) { | 291 | if !isInRoot(p) { |
283 | w.WriteHeader(http.StatusForbidden) | 292 | w.WriteHeader(http.StatusForbidden) |
284 | return | 293 | return |