mirror of
https://github.com/NotAShelf/catApi.git
synced 2025-10-01 14:33:33 +00:00
validate image paths
This commit is contained in:
parent
fee1ae20ed
commit
4456e0d0a3
1 changed files with 16 additions and 1 deletions
17
main.go
17
main.go
|
@ -9,6 +9,7 @@ import (
|
|||
"math/rand"
|
||||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
|
@ -108,7 +109,21 @@ func idHandler(w http.ResponseWriter, r *http.Request) {
|
|||
http.Error(w, "Invalid id", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
http.ServeFile(w, r, "images/"+images[i])
|
||||
|
||||
imagePath := "images/" + images[i]
|
||||
if !isValidImagePath(imagePath) {
|
||||
http.Error(w, "Invalid image path", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
http.ServeFile(w, r, imagePath)
|
||||
}
|
||||
|
||||
func isValidImagePath(path string) bool {
|
||||
if !filepath.HasPrefix(path, "images/") {
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
func listHandler(w http.ResponseWriter, r *http.Request) {
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue