Skip to content

Commit b12965b

Browse files
kataraskataras
committed
minor
1 parent 4d13ff3 commit b12965b

File tree

2 files changed

+17
-9
lines changed

2 files changed

+17
-9
lines changed

_examples/file-server/upload-files/main.go

+7-2
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,11 @@ func newApp() *iris.Application {
4949
// it can be used to change a file's name based on the request,
5050
// at this example we will showcase how to use it
5151
// by prefixing the uploaded file with the current user's ip.
52-
ctx.UploadFormFiles("./uploads", beforeSave)
52+
_, _, err := ctx.UploadFormFiles("./uploads", beforeSave)
53+
if err != nil {
54+
ctx.StopWithError(iris.StatusBadRequest, err)
55+
return
56+
}
5357
})
5458

5559
app.Post("/upload_manual", func(ctx iris.Context) {
@@ -96,6 +100,7 @@ func beforeSave(ctx iris.Context, file *multipart.FileHeader) bool {
96100
return true // don't change the file but continue saving it.
97101
}
98102

99-
file.Filename = ip + "-" + file.Filename
103+
_ = ip
104+
// file.Filename = ip + "-" + file.Filename
100105
return true
101106
}

context/context.go

+10-7
Original file line numberDiff line numberDiff line change
@@ -2456,23 +2456,26 @@ func (ctx *Context) UploadFormFiles(destDirectory string, before ...func(*Contex
24562456
destPath := filepath.Join(destDirectory, filename)
24572457

24582458
// Get the canonical path of the destination
2459-
canonicalDestPath, err := filepath.EvalSymlinks(destPath)
2460-
if err != nil {
2461-
return nil, 0, err
2462-
}
2459+
// canonicalDestPath, err := filepath.EvalSymlinks(destPath)
2460+
// if err != nil {
2461+
// return nil, 0, fmt.Errorf("dest path: %s: eval symlinks: %w", destPath, err)
2462+
// }
2463+
// ^ No, it will try to find the file before uploaded.
24632464

24642465
// Get the canonical path of the destination directory.
2465-
canonicalDestDir, err := filepath.EvalSymlinks(destDirectory)
2466+
canonicalDestDir, err := filepath.EvalSymlinks(destDirectory) // the destDirectory should exists.
24662467
if err != nil {
2467-
return nil, 0, err
2468+
return nil, 0, fmt.Errorf("dest directory: %s: eval symlinks: %w", destDirectory, err)
24682469
}
24692470

24702471
// Check if the destination path is within the destination directory.
2471-
if !strings.HasPrefix(canonicalDestPath, canonicalDestDir) {
2472+
if !strings.HasPrefix(destPath, canonicalDestDir) {
24722473
// Reject the input as it is a path traversal attempt.
24732474
continue innerLoop
24742475
}
24752476

2477+
file.Filename = filename
2478+
24762479
n0, err0 := ctx.SaveFormFile(file, destPath)
24772480
if err0 != nil {
24782481
return nil, 0, err0

0 commit comments

Comments
 (0)