Clean Path on routing to mitigate directory traversal, bump version to 0.4.1

2025-07-18 13:42:02 +08:00 · 2021-12-30 16:42:43 +08:00 · 2021-12-30 16:42:43 +08:00 · 74b0382ab6
commit 74b0382ab6
parent 49569b306a
2 changed files with 5 additions and 1 deletions
--- a/config.go
+++ b/config.go
@ -22,7 +22,7 @@ var (
 	prefetch, proxyMode      bool
 	remoteRaw                = "remote-raw"
 	config                   Config
-	version                  = "0.4.0"
+	version                  = "0.4.1"
 	releaseUrl               = "https://github.com/webp-sh/webp_server_go/releases/latest/download/"
 )

--- a/router.go
+++ b/router.go
@ -16,6 +16,10 @@ import (
 func convert(c *fiber.Ctx) error {
 	//basic vars
 	var reqURI, _ = url.QueryUnescape(c.Path()) // /mypic/123.jpg
+
+	// delete ../ in reqURI to mitigate directory traversal
+	reqURI = path.Clean(reqURI)
+
 	var rawImageAbs string
 	if proxyMode {
 		rawImageAbs = config.ImgPath + reqURI