Move sanitization of URL.Path to Server

No need to have this in every plugin. And, even in flat filesystems filenames with dots and slashes are best avoided.

Move sanitization of URL.Path to Server
No need to have this in every plugin. And, even in flat filesystems filenames with dots and slashes are best avoided.
f31875df · W-Mark Kubacki · 4e98cc30 · f31875df
Commit f31875df authored Apr 15, 2016 by W-Mark Kubacki
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 0 deletions

server/server.go server/server.go +11 -0

No files found.
--- a/server/server.go
+++ b/server/server.go
@@ -14,6 +14,7 @@ import (
 	"net"
 	"net/http"
 	"os"
+	"path/filepath"
 	"runtime"
 	"strings"
 	"sync"
@@ -332,6 +333,16 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		}
 	}

+	// Use URL.RawPath If you need the original, "raw" URL.Path in your middleware.
+	// Collapse any ./ ../ /// madness here instead of doing that in every plugin.
+	if r.URL.Path != "/" {
+		path := filepath.Clean(r.URL.Path)
+		if !strings.HasPrefix(path, "/") {
+			path = "/" + path
+		}
+		r.URL.Path = path
+	}
+
 	// Execute the optional request callback if it exists and it's not disabled
 	if s.ReqCallback != nil && !s.vhosts[host].config.TLS.Manual && s.ReqCallback(w, r) {
 		return