mirrors/nginx-ui
1
0
Fork 0
mirror of https://github.com/0xJacky/nginx-ui.git synced 2025-05-12 10:55:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

feat(config): use encode/decode to handle url #249

Browse source
This commit is contained in:
Jacky 2025-04-06 10:55:09 +00:00
parent 4b8d26cf5b
commit 191ddea309
No known key found for this signature in database
GPG key ID: 215C21B10DF38B4D
19 changed files with 235 additions and 82 deletions
Download patch file Download diff file Expand all files Collapse all files

25
api/config/rename.go
View file

@ -2,6 +2,7 @@ package config
import (
"net/http"
"net/url"
"os"
"path/filepath"
"strings"
@ -32,8 +33,28 @@ func Rename(c *gin.Context) {
})
return
}
origFullPath := nginx.GetConfPath(json.BasePath, json.OrigName)
newFullPath := nginx.GetConfPath(json.BasePath, json.NewName)
// Decode paths from URL encoding
decodedBasePath, err := url.QueryUnescape(json.BasePath)
if err != nil {
cosy.ErrHandler(c, err)
return
}
decodedOrigName, err := url.QueryUnescape(json.OrigName)
if err != nil {
cosy.ErrHandler(c, err)
return
}
decodedNewName, err := url.QueryUnescape(json.NewName)
if err != nil {
cosy.ErrHandler(c, err)
return
}
origFullPath := nginx.GetConfPath(decodedBasePath, decodedOrigName)
newFullPath := nginx.GetConfPath(decodedBasePath, decodedNewName)
if !helper.IsUnderDirectory(origFullPath, nginx.GetConfPath()) ||
!helper.IsUnderDirectory(newFullPath, nginx.GetConfPath()) {
c.JSON(http.StatusForbidden, gin.H{