feat(config): use encode/decode to handle url #249

Jacky 2025-04-06 10:55:09 +00:00
parent 4b8d26cf5b
commit 191ddea309
No known key found for this signature in database
GPG key ID: 215C21B10DF38B4D
19 changed files with 235 additions and 82 deletions


@ -2,6 +2,7 @@ package config
import (
"net/http"
"net/url"
"os"
"path/filepath"
"time"
@ -28,8 +29,22 @@ func AddConfig(c *gin.Context) {
name := json.Name
content := json.Content
dir := nginx.GetConfPath(json.BaseDir)
path := filepath.Join(dir, json.Name)
// Decode paths from URL encoding
decodedBaseDir, err := url.QueryUnescape(json.BaseDir)
if err != nil {
cosy.ErrHandler(c, err)
return
}
decodedName, err := url.QueryUnescape(name)
if err != nil {
cosy.ErrHandler(c, err)
return
}
dir := nginx.GetConfPath(decodedBaseDir)
path := filepath.Join(dir, decodedName)
if !helper.IsUnderDirectory(path, nginx.GetConfPath()) {
c.JSON(http.StatusForbidden, gin.H{
"message": "filepath is not under the nginx conf path",
@ -53,7 +68,7 @@ func AddConfig(c *gin.Context) {
}
}
err := os.WriteFile(path, []byte(content), 0644)
err = os.WriteFile(path, []byte(content), 0644)
if err != nil {
cosy.ErrHandler(c, err)
return
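Review bot: `url.QueryUnescape` on `json.BaseDir` and `name` applies form-encoding rules, so a literal `+` in a directory or file name becomes a space before the path is built; for path components the matching decoder is `url.PathUnescape`, e.g. `decodedName, err := url.PathUnescape(name)`. The `IsUnderDirectory` check does run on the decoded `path`, which is the right order, but `name` still holds the undecoded string, so any later use of it in AddConfig (the body continues outside these hunks) would refer to a different name than the one that was validated and written. Decoding also lets `%2F` turn into a separator inside `decodedName`; if a config name is meant to be a single path component, reject separators after decoding rather than relying only on the containment check. A comment such as `// path is built only from decoded values; do not use json.BaseDir or name below this point` would keep that invariant visible.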