Fixed security bugs with reading files

author: mrw1593 <botahamec@outlook.com> 2023-06-03 09:47:46 -0400
committer: mrw1593 <botahamec@outlook.com> 2023-06-03 09:47:46 -0400
commit: c47c78773aa4affbf47386ca9080604048ebeace (patch)
tree: 750416da1f6a6d8d2783f8fe3e4ab095d79df101 /src/resources/style.rs
parent: f1a64b059d430cd2e334e297c43ae8053104ab05 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/src/resources/style.rs b/src/resources/style.rs
index 2777a82..3ea56d2 100644
--- a/src/resources/style.rs
+++ b/src/resources/style.rs
@@ -1,8 +1,9 @@
-use std::path::{Path, PathBuf};
+use std::path::Path;
 
 use actix_web::{get, http::StatusCode, web, HttpResponse, ResponseError};
 use exun::{Expect, ResultErrorExt};
 use grass::OutputStyle;
+use path_clean::clean;
 use raise::yeet;
 use serde::Serialize;
 use thiserror::Error;
@@ -37,7 +38,7 @@ impl ResponseError for LoadStyleError {
 
 pub fn load(stylesheet: &str) -> Result<String, Expect<LoadStyleError>> {
 	let options = options();
-	let path = PathBuf::from(format!("static/style/{}.scss", stylesheet));
+	let path = clean(format!("static/style/{}.scss", stylesheet));
 	if !path.exists() {
 		yeet!(LoadStyleError::FileNotFound(path.into()).into());
 	}
author	mrw1593 <botahamec@outlook.com>	2023-06-03 09:47:46 -0400
committer	mrw1593 <botahamec@outlook.com>	2023-06-03 09:47:46 -0400
commit	c47c78773aa4affbf47386ca9080604048ebeace (patch)
tree	750416da1f6a6d8d2783f8fe3e4ab095d79df101 /src/resources/style.rs
parent	f1a64b059d430cd2e334e297c43ae8053104ab05 (diff)