diff options
| author | mrw1593 <botahamec@outlook.com> | 2023-06-03 09:47:46 -0400 |
|---|---|---|
| committer | mrw1593 <botahamec@outlook.com> | 2023-06-03 09:47:46 -0400 |
| commit | c47c78773aa4affbf47386ca9080604048ebeace (patch) | |
| tree | 750416da1f6a6d8d2783f8fe3e4ab095d79df101 /src/resources | |
| parent | f1a64b059d430cd2e334e297c43ae8053104ab05 (diff) | |
Fixed security bugs with reading files
Diffstat (limited to 'src/resources')
| -rw-r--r-- | src/resources/scripts.rs | 5 | ||||
| -rw-r--r-- | src/resources/style.rs | 5 |
2 files changed, 6 insertions, 4 deletions
diff --git a/src/resources/scripts.rs b/src/resources/scripts.rs index 3e2d869..1b27859 100644 --- a/src/resources/scripts.rs +++ b/src/resources/scripts.rs @@ -1,7 +1,8 @@ -use std::path::{Path, PathBuf}; +use std::path::Path; use actix_web::{get, http::StatusCode, web, HttpResponse, ResponseError}; use exun::{Expect, ResultErrorExt}; +use path_clean::clean; use raise::yeet; use serde::Serialize; use thiserror::Error; @@ -21,7 +22,7 @@ impl ResponseError for LoadScriptError { } fn load(script: &str) -> Result<String, Expect<LoadScriptError>> { - let path = PathBuf::from(format!("static/scripts/{}.js", script)); + let path = clean(format!("static/scripts/{}.js", script)); if !path.exists() { yeet!(LoadScriptError::FileNotFound(path.into()).into()); } diff --git a/src/resources/style.rs b/src/resources/style.rs index 2777a82..3ea56d2 100644 --- a/src/resources/style.rs +++ b/src/resources/style.rs @@ -1,8 +1,9 @@ -use std::path::{Path, PathBuf}; +use std::path::Path; use actix_web::{get, http::StatusCode, web, HttpResponse, ResponseError}; use exun::{Expect, ResultErrorExt}; use grass::OutputStyle; +use path_clean::clean; use raise::yeet; use serde::Serialize; use thiserror::Error; @@ -37,7 +38,7 @@ impl ResponseError for LoadStyleError { pub fn load(stylesheet: &str) -> Result<String, Expect<LoadStyleError>> { let options = options(); - let path = PathBuf::from(format!("static/style/{}.scss", stylesheet)); + let path = clean(format!("static/style/{}.scss", stylesheet)); if !path.exists() { yeet!(LoadStyleError::FileNotFound(path.into()).into()); } |