Skip to content

Commit

Permalink
path fix
Browse files Browse the repository at this point in the history
  • Loading branch information
@nothub
nothub committed Feb 18, 2023
1 parent 7240016 commit ffd6ae0
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion cmd/root.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -182,7 +182,7 @@ var rootCmd = &cobra.Command{
}

for _, file := range index.Files {
ok, err := util.PathIsSubpath(file.Path, serverDir)
ok, err := util.PathIsSubpath(path.Join(serverDir, file.Path), serverDir)
if err != nil {
log.Println(err.Error())
}
Expand Down
6 changes: 3 additions & 3 deletions cmd/update.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -148,13 +148,13 @@ var updateCmd = &cobra.Command{
log.Fatalln(err)
}

for path, _ := range newModPackInfo.File {
ok, err := util.PathIsSubpath(string(path), serverDir)
for p, _ := range newModPackInfo.File {
ok, err := util.PathIsSubpath(path.Join(serverDir, string(p)), serverDir)
if err != nil {
log.Println(err.Error())
}
if err != nil || !ok {
log.Fatalln("File path is not safe: " + path)
log.Fatalln("File path is not safe: " + p)
}
}

Expand Down

0 comments on commit ffd6ae0

Please sign in to comment.