From c47c78773aa4affbf47386ca9080604048ebeace Mon Sep 17 00:00:00 2001
From: mrw1593
Date: Sat, 3 Jun 2023 09:47:46 -0400
Subject: Fixed security bugs with reading files
---
 src/resources/scripts.rs | 5 +++--
 src/resources/style.rs | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'src/resources')
diff --git a/src/resources/scripts.rs b/src/resources/scripts.rs
index 3e2d869..1b27859 100644
--- a/src/resources/scripts.rs
+++ b/src/resources/scripts.rs
@@ -1,7 +1,8 @@
-use std::path::{Path, PathBuf};
+use std::path::Path;
 use actix_web::{get, http::StatusCode, web, HttpResponse, ResponseError};
 use exun::{Expect, ResultErrorExt};
+use path_clean::clean;
 use raise::yeet;
 use serde::Serialize;
 use thiserror::Error;
@@ -21,7 +22,7 @@ impl ResponseError for LoadScriptError {
 }
 fn load(script: &str) -> Result> {
- let path = PathBuf::from(format!("static/scripts/{}.js", script));
+ let path = clean(format!("static/scripts/{}.js", script));
 if !path.exists() {
 yeet!(LoadScriptError::FileNotFound(path.into()).into());
 }
diff --git a/src/resources/style.rs b/src/resources/style.rs
index 2777a82..3ea56d2 100644
--- a/src/resources/style.rs
+++ b/src/resources/style.rs
@@ -1,8 +1,9 @@
-use std::path::{Path, PathBuf};
+use std::path::Path;
 use actix_web::{get, http::StatusCode, web, HttpResponse, ResponseError};
 use exun::{Expect, ResultErrorExt};
 use grass::OutputStyle;
+use path_clean::clean;
 use raise::yeet;
 use serde::Serialize;
 use thiserror::Error;
@@ -37,7 +38,7 @@ impl ResponseError for LoadStyleError {
 pub fn load(stylesheet: &str) -> Result> {
 let options = options();
- let path = PathBuf::from(format!("static/style/{}.scss", stylesheet));
+ let path = clean(format!("static/style/{}.scss", stylesheet));
 if !path.exists() {
 yeet!(LoadStyleError::FileNotFound(path.into()).into());
 }
-- 
cgit v1.2.3
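Review bot: In `load` in src/resources/scripts.rs, the new `clean(format!(...))` call only normalizes the path lexically, and nothing in the hunk checks that the result is still under `static/scripts`. A request value containing parent-directory components can therefore normalize to a location outside that directory and still reach the `path.exists()` check. Add a containment guard right after the `clean` call, for example `if !path.starts_with("static/scripts") { yeet!(LoadScriptError::FileNotFound(path.into()).into()); }`. The second hunk of src/resources/style.rs has the same gap for `static/style` and needs the matching guard. Lexical cleaning also does not resolve symlinks, and the body of `load` continues past the hunk, so confirm no later check already covers this.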