From 6400366b1df68a6d249dc8383f1a27c614bfaf9d Mon Sep 17 00:00:00 2001
From: surdeus
Date: Sun, 9 Jun 2024 21:43:16 +0500
Subject: [PATCH] feat: updated xgo and added tpp protection.
---
 go.mod | 2 +-
 go.sum | 2 ++
 handler.go | 6 +++++-
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/go.mod b/go.mod
index 3daa747..84ec443 100644
--- a/go.mod
+++ b/go.mod
@@ -6,6 +6,6 @@ require (
 github.com/d5/tengo/v2 v2.17.0
 github.com/gomarkdown/markdown v0.0.0-20240419095408-642f0ee99ae2
 surdeus.su/core/cli v0.1.2
- surdeus.su/core/xgo v0.5.0
+ surdeus.su/core/xgo v0.6.0
 surdeus.su/util/tpp v0.3.2
 )
diff --git a/go.sum b/go.sum
index f46df72..eea2b66 100644
--- a/go.sum
+++ b/go.sum
@@ -6,5 +6,7 @@ surdeus.su/core/cli v0.1.2 h1:qPzjawqPyZsO4Z5SaA1u141recVE65yioA83Qs7Jecs=
 surdeus.su/core/cli v0.1.2/go.mod h1:r9JtQz3aEJzpYzMaNUNQHJoYkoWKNPi047qhd5uGlmA=
 surdeus.su/core/xgo v0.5.0 h1:/Rk3scfFkoSb0qjHRlkUNOp9sr/fd7wAvCiT4fBRo+U=
 surdeus.su/core/xgo v0.5.0/go.mod h1:6C/AHbjfvAMvt3TOzLB4eIZ40eU3ahJXtdY+kr4yXoc=
+surdeus.su/core/xgo v0.6.0 h1:r8b2rm7hN35lOScaCuYxMm7bxyESc50UB66J4tGhnk8=
+surdeus.su/core/xgo v0.6.0/go.mod h1:6C/AHbjfvAMvt3TOzLB4eIZ40eU3ahJXtdY+kr4yXoc=
 surdeus.su/util/tpp v0.3.2 h1:ebcnEcY+4tgB4a6trs4GBd2CJjrZJaPKh3i5RKQf8/U=
 surdeus.su/util/tpp v0.3.2/go.mod h1:rXOVXwvdc7FxRGK/Smy03AXLQiet4N+2imFesic9Vzw=
diff --git a/handler.go b/handler.go
index 00c42b7..0914f98 100644
--- a/handler.go
+++ b/handler.go
@@ -108,7 +108,11 @@ func (h *Handler) ServeHTTP(
 urlPath := r.URL.Path
 // Cleaning URL path to prevent injections.
 urlPath = path.Clean(urlPath)
- //urlExt := path.Ext(urlPath)
+ urlExt := path.Ext(urlPath)
+ if urlExt == h.ext {
+ http.NotFound(w, r)
+ return
+ }
 filePath := filepath.Join(
 filepath.FromSlash(h.sourcePath),
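Review bot: The new guard in handler.go, `if urlExt == h.ext {`, compares the extension byte-for-byte, so on a case-insensitive filesystem a request whose extension differs only in letter case passes the check and could still resolve to the same source file in the `filepath.Join` that follows. Comparing with `strings.EqualFold(urlExt, h.ext)` closes that gap; handler.go's import block is not part of the hunk, so `strings` may need to be imported. Separately, if `h.ext` can ever be empty, every extensionless path (including `/`) now gets a 404 because `path.Ext` returns `""` for it, and `if h.ext != "" && strings.EqualFold(urlExt, h.ext) {` covers both cases. A short comment such as `// Refuse direct requests for files with the template extension.` would record why the check exists, which the commit subject ("tpp protection") only hints at. ServeHTTP begins and ends outside this hunk, so how `filePath` is used afterwards is not visible here.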