Apply file name sanitization for GET requests
Perform the same file name sanitization for GET requests as for PUT requests.
This commit is contained in:
parent
482653aa5c
commit
2100ca5d66
15
upload.pm
15
upload.pm
|
@ -61,11 +61,12 @@ sub handle {
|
|||
|
||||
sub handle_get_or_head {
|
||||
my $r = shift;
|
||||
my $file_path = safe_filename($r);
|
||||
|
||||
if (-r $r->filename and -f _) {
|
||||
if (-r $file_path and -f _) {
|
||||
$r->allow_ranges;
|
||||
$r->send_http_header;
|
||||
$r->sendfile($r->filename) unless $r->header_only;
|
||||
$r->sendfile($file_path) unless $r->header_only;
|
||||
return OK;
|
||||
} else {
|
||||
return DECLINED;
|
||||
|
@ -100,8 +101,7 @@ sub handle_put {
|
|||
|
||||
sub handle_put_body {
|
||||
my $r = shift;
|
||||
my $safe_uri = $r->uri =~ s|[^\p{Alnum}/_.-]|_|gr;
|
||||
my $file_path = substr($r->filename, 0, -length($r->uri)) . $safe_uri;
|
||||
my $file_path = safe_filename($r);
|
||||
my $dir_path = dirname($file_path);
|
||||
|
||||
make_path($dir_path, {chmod => $dir_mode, error => \my $error});
|
||||
|
@ -180,6 +180,13 @@ sub add_custom_headers {
|
|||
}
|
||||
}
|
||||
|
||||
sub safe_filename {
|
||||
my $r = shift;
|
||||
my $safe_uri = $r->uri =~ s|[^\p{Alnum}/_.-]|_|gr;
|
||||
|
||||
return substr($r->filename, 0, -length($r->uri)) . $safe_uri;
|
||||
}
|
||||
|
||||
sub safe_eq {
|
||||
my $a = shift;
|
||||
my $b = shift;
|
||||
|
|
Loading…
Reference in New Issue