Skip to content

Commit 3a8d989

Browse files
tucksauntucksaun
committed
Prevent directory traversal
1 parent e8c822f commit 3a8d989

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

local/php/envs.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ func (p *Server) generateEnv(req *http.Request) map[string]string {
3838

3939
pathInfo := req.URL.Path
4040
if pos := strings.Index(strings.ToLower(pathInfo), ".php"); pos != -1 {
41-
file := pathInfo[:pos+4]
41+
file := filepath.Clean(pathInfo[:pos+4])
4242
if _, err := os.Stat(filepath.Join(p.documentRoot, file)); err == nil {
4343
scriptName = file
4444
pathInfo = pathInfo[pos+4:]

0 commit comments

Comments
 (0)