-
Notifications
You must be signed in to change notification settings - Fork 163
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ServeDir/File: Fix build_and_validate_path to prevent accessing arbit…
…rary files (#204) * fixed build_and_validate_path to exclude colon * Fix directory traversal using `Path::components` * Also check each component individually Co-authored-by: David Pedersen <[email protected]>
- Loading branch information
1 parent
525df45
commit ec394e7
Showing
3 changed files
with
19 additions
and
20 deletions.
There are no files selected for viewing
Empty file.
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters