From c47c78773aa4affbf47386ca9080604048ebeace Mon Sep 17 00:00:00 2001
From: mrw1593
Date: Sat, 3 Jun 2023 09:47:46 -0400
Subject: Fixed security bugs with reading files
---
 src/resources/scripts.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'src/resources/scripts.rs')
diff --git a/src/resources/scripts.rs b/src/resources/scripts.rs
index 3e2d869..1b27859 100644
--- a/src/resources/scripts.rs
+++ b/src/resources/scripts.rs
@@ -1,7 +1,8 @@
-use std::path::{Path, PathBuf};
+use std::path::Path;
 use actix_web::{get, http::StatusCode, web, HttpResponse, ResponseError};
 use exun::{Expect, ResultErrorExt};
+use path_clean::clean;
 use raise::yeet;
 use serde::Serialize;
 use thiserror::Error;
@@ -21,7 +22,7 @@ impl ResponseError for LoadScriptError {
 }
 fn load(script: &str) -> Result> {
- let path = PathBuf::from(format!("static/scripts/{}.js", script));
+ let path = clean(format!("static/scripts/{}.js", script));
 if !path.exists() {
 yeet!(LoadScriptError::FileNotFound(path.into()).into());
 }
-- 
cgit v1.2.3
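Review bot: In `load`, `clean(...)` only collapses `.` and `..` components lexically, so a `script` value with more `..` segments than the `static/scripts/` prefix has components still produces a path outside that directory, and nothing visible after the call checks containment. I would add a guard right after the `clean` line, for example `if !path.starts_with("static/scripts") { yeet!(LoadScriptError::FileNotFound(path.into()).into()); }`, which compares whole path components and reuses the existing not-found error so callers see no difference. Whether the route pattern already keeps separators out of `script` is not visible in this hunk, and lexical cleaning does not resolve symlinks, so the check is worth having in `load` itself. The body of `load` continues past the end of the hunk.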