flounder

A simple gemini site builder
Log | Files | Refs | README | LICENSE

commit aab409b8e765ec76e2ac91194a57f3734d81b1fe
parent 1dc7bca96c49c3edf181006277ec8baa5134e3e2
Author: alex wennerberg <alex@alexwennerberg.com>
Date:   Thu, 29 Oct 2020 18:25:16 -0700

check mimetype on edit file

Diffstat:
Mhttp.go | 6++++++
1 file changed, 6 insertions(+), 0 deletions(-)

diff --git a/http.go b/http.go @@ -13,6 +13,7 @@ import ( "io" "io/ioutil" "log" + "mime" "net/http" "os" "path" @@ -82,6 +83,11 @@ func editFileHandler(w http.ResponseWriter, r *http.Request) { return } fileName := filepath.Clean(r.URL.Path[len("/edit/"):]) + isText := strings.HasPrefix(mime.TypeByExtension(path.Ext(fileName)), "text") + if !isText { + renderError(w, "Not a text file", 400) // correct status code? + return + } filePath := path.Join(c.FilesDirectory, authUser, fileName) if r.Method == "GET" { err := checkIfValidFile(filePath, nil)