Browse Source

Do not follow symbolic links by default

Resolves #4.
master
Trevor Slocum 2 years ago
parent
commit
4f4e2a8cbe
  1. 4
      CONFIGURATION.md
  2. 3
      config.go
  3. 11
      server.go

4
CONFIGURATION.md

@ -102,6 +102,10 @@ Cache duration (in seconds). Set to `0` to disable caching entirely. This is an
out-of-spec feature. See [PROPOSALS.md](https://gitlab.com/tslocum/twins/blob/master/PROPOSALS.md)
for more information.
##### SymLinks
When enabled, symbolic links may be accessed. This attribute is disabled by default.
##### HiddenFiles
When enabled, hidden files and directories may be accessed. This attribute is

3
config.go

@ -31,6 +31,9 @@ type pathConfig struct {
// Request sensitive input
SensitiveInput string
// Follow symbolic links
SymLinks bool
// Serve hidden files and directories
HiddenFiles bool

11
server.go

@ -154,6 +154,17 @@ func servePath(c *tls.Conn, request *url.URL, serve *pathConfig) {
if root[len(root)-1] != '/' {
root += "/"
}
if !serve.SymLinks {
for i := range requestSplit[pathSlashes:] {
info, err := os.Lstat(path.Join(root, strings.Join(requestSplit[pathSlashes:pathSlashes+i+1], "/")))
if err != nil || info.Mode()&os.ModeSymlink == os.ModeSymlink {
writeStatus(c, statusTemporaryFailure)
return
}
}
}
filePath = path.Join(root, resolvedPath)
}

Loading…
Cancel
Save