Fix paths. (#29)

This commit is contained in:
Zaxar163 2018-10-03 11:12:48 +03:00 committed by Gravit
parent 895253012f
commit 71efde7cd2

View file

@ -90,7 +90,7 @@ public void channelRead0(ChannelHandlerContext ctx, FullHttpRequest request) thr
} else { } else {
sendRedirect(ctx, uri + '/'); sendRedirect(ctx, uri + '/');
} }
} else sendError(ctx, FORBIDDEN); } else sendError(ctx, NOT_FOUND); // can not handle dirs
return; return;
} }
@ -197,7 +197,7 @@ private static String sanitizeUri(String uri) {
} }
// Convert file separators. // Convert file separators.
uri = uri.replace('/', File.separatorChar); uri = uri.replace(File.separatorChar, '/');
// Simplistic dumb security check. // Simplistic dumb security check.
// You will have to do something serious in the production environment. // You will have to do something serious in the production environment.
@ -207,9 +207,7 @@ private static String sanitizeUri(String uri) {
INSECURE_URI.matcher(uri).matches()) { INSECURE_URI.matcher(uri).matches()) {
return null; return null;
} }
return uri.substring(1);
// Convert to absolute path.
return SystemPropertyUtil.get("user.dir") + File.separator + uri;
} }
private static final Pattern ALLOWED_FILE_NAME = Pattern.compile("[^-\\._]?[^<>&\\\"]*"); private static final Pattern ALLOWED_FILE_NAME = Pattern.compile("[^-\\._]?[^<>&\\\"]*");