NotAShelf/catApi
1
0
Fork 0
mirror of https://github.com/NotAShelf/catApi.git synced 2025-10-02 23:13:34 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

validate image paths

Browse source
This commit is contained in:
raf 2025-02-08 16:52:39 +03:00
commit 4456e0d0a3
No known key found for this signature in database
GPG key ID: EED98D11B85A2819
1 changed files with 16 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

17
main.go
View file

@ -9,6 +9,7 @@ import (
"math/rand" "math/rand"
"net/http" "net/http"
"os" "os"
"path/filepath"
"strconv" "strconv"
"time" "time"
@ -108,7 +109,21 @@ func idHandler(w http.ResponseWriter, r *http.Request) {
http.Error(w, "Invalid id", http.StatusBadRequest) http.Error(w, "Invalid id", http.StatusBadRequest)
return return
} }
http.ServeFile(w, r, "images/"+images[i])
imagePath := "images/" + images[i]
if !isValidImagePath(imagePath) {
http.Error(w, "Invalid image path", http.StatusBadRequest)
return
}
http.ServeFile(w, r, imagePath)
}
func isValidImagePath(path string) bool {
if !filepath.HasPrefix(path, "images/") {
return false
}
return true
} }
func listHandler(w http.ResponseWriter, r *http.Request) { func listHandler(w http.ResponseWriter, r *http.Request) {