From 74b0382ab6d233e9929b519c2b365709a03eeb5f Mon Sep 17 00:00:00 2001
From: n0vad3v
Date: Thu, 30 Dec 2021 16:42:43 +0800
Subject: [PATCH] Clean Path on routing to mitigate directory traversal, bump version to 0.4.1
---
 config.go | 2 +-
 router.go | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/config.go b/config.go
index 15a5ca6..5e24058 100644
--- config.go
+++ b/config.go
@@ -22,7 +22,7 @@ var (
 prefetch, proxyMode bool
 remoteRaw = "remote-raw"
 config Config
- version = "0.4.0"
+ version = "0.4.1"
 releaseUrl = "https://github.com/webp-sh/webp_server_go/releases/latest/download/"
 )
diff --git a/router.go b/router.go
index 773a1f3..0b1bb8c 100644
--- router.go
+++ b/router.go
@@ -16,6 +16,10 @@ import (
 func convert(c *fiber.Ctx) error {
 //basic vars
 var reqURI, _ = url.QueryUnescape(c.Path()) // /mypic/123.jpg
+
+ // delete ../ in reqURI to mitigate directory traversal
+ reqURI = path.Clean(reqURI)
+
 var rawImageAbs string
 if proxyMode {
 rawImageAbs = config.ImgPath + reqURI
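Review bot: The added `path.Clean(reqURI)` only clamps `..` at the root when its input is rooted, and its input comes from `url.QueryUnescape`, whose error is discarded on the line above, so a failed unescape yields an empty string that Clean turns into `.` and the proxy branch then builds `config.ImgPath + "."`. I would handle the error and anchor the clean explicitly: `reqURI, err := url.QueryUnescape(c.Path())`, `if err != nil { return c.SendStatus(fiber.StatusBadRequest) }`, `reqURI = path.Clean("/" + reqURI)`. The comment would be more accurate as `// resolve "." and ".." lexically against "/" so reqURI cannot climb above the image root`, since Clean resolves the elements rather than deleting a substring. `path.Clean` is purely lexical and treats only `/` as a separator, so if the non-proxy branch (outside this hunk; convert's body continues past it) joins reqURI onto a local directory, checking that the final path is still under `config.ImgPath` would be a sturdier guard than cleaning alone.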