move normalize_path to tools::normalize_uri_path
This commit is contained in:
parent
96e95fc179
commit
3578d99f3e
|
@ -488,29 +488,6 @@ fn check_auth(method: &hyper::Method, ticket: &Option<String>, token: &Option<St
|
||||||
Ok(username)
|
Ok(username)
|
||||||
}
|
}
|
||||||
|
|
||||||
// normalize path
|
|
||||||
// do not allow ".", "..", or hidden files ".XXXX"
|
|
||||||
// also remove empty path components
|
|
||||||
fn normalize_path(path: &str) -> Result<(String, Vec<&str>), Error> {
|
|
||||||
|
|
||||||
let items = path.split('/');
|
|
||||||
|
|
||||||
let mut path = String::new();
|
|
||||||
let mut components = vec![];
|
|
||||||
|
|
||||||
for name in items {
|
|
||||||
if name.is_empty() { continue; }
|
|
||||||
if name.starts_with(".") {
|
|
||||||
bail!("Path contains illegal components.");
|
|
||||||
}
|
|
||||||
path.push('/');
|
|
||||||
path.push_str(name);
|
|
||||||
components.push(name);
|
|
||||||
}
|
|
||||||
|
|
||||||
Ok((path, components))
|
|
||||||
}
|
|
||||||
|
|
||||||
fn delayed_response(resp: Response<Body>, delay_unauth_time: std::time::Instant) -> BoxFut {
|
fn delayed_response(resp: Response<Body>, delay_unauth_time: std::time::Instant) -> BoxFut {
|
||||||
|
|
||||||
Box::new(tokio::timer::Delay::new(delay_unauth_time)
|
Box::new(tokio::timer::Delay::new(delay_unauth_time)
|
||||||
|
@ -524,7 +501,7 @@ pub fn handle_request(api: Arc<ApiConfig>, req: Request<Body>) -> BoxFut {
|
||||||
|
|
||||||
let method = parts.method.clone();
|
let method = parts.method.clone();
|
||||||
|
|
||||||
let (path, components) = match normalize_path(parts.uri.path()) {
|
let (path, components) = match tools::normalize_uri_path(parts.uri.path()) {
|
||||||
Ok((p,c)) => (p, c),
|
Ok((p,c)) => (p, c),
|
||||||
Err(err) => return Box::new(future::err(http_err!(BAD_REQUEST, err.to_string()))),
|
Err(err) => return Box::new(future::err(http_err!(BAD_REQUEST, err.to_string()))),
|
||||||
};
|
};
|
||||||
|
|
24
src/tools.rs
24
src/tools.rs
|
@ -618,6 +618,30 @@ pub fn join(data: &Vec<String>, sep: char) -> String {
|
||||||
list
|
list
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// normalize uri path
|
||||||
|
///
|
||||||
|
/// Do not allow ".", "..", or hidden files ".XXXX"
|
||||||
|
/// Also remove empty path components
|
||||||
|
pub fn normalize_uri_path(path: &str) -> Result<(String, Vec<&str>), Error> {
|
||||||
|
|
||||||
|
let items = path.split('/');
|
||||||
|
|
||||||
|
let mut path = String::new();
|
||||||
|
let mut components = vec![];
|
||||||
|
|
||||||
|
for name in items {
|
||||||
|
if name.is_empty() { continue; }
|
||||||
|
if name.starts_with(".") {
|
||||||
|
bail!("Path contains illegal components.");
|
||||||
|
}
|
||||||
|
path.push('/');
|
||||||
|
path.push_str(name);
|
||||||
|
components.push(name);
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok((path, components))
|
||||||
|
}
|
||||||
|
|
||||||
pub fn fd_change_cloexec(fd: RawFd, on: bool) -> Result<(), Error> {
|
pub fn fd_change_cloexec(fd: RawFd, on: bool) -> Result<(), Error> {
|
||||||
use nix::fcntl::{fcntl, F_GETFD, F_SETFD, FdFlag};
|
use nix::fcntl::{fcntl, F_GETFD, F_SETFD, FdFlag};
|
||||||
let mut flags = FdFlag::from_bits(fcntl(fd, F_GETFD)?)
|
let mut flags = FdFlag::from_bits(fcntl(fd, F_GETFD)?)
|
||||||
|
|
Loading…
Reference in New Issue