Commit 902fc114 authored by Brad Fitzpatrick's avatar Brad Fitzpatrick

net/http: try to document ServeFile security more

We've expanded this several times. Try more.

Fixes #18837

Change-Id: I03b699391351a30ee60a15d7aa712c6c66444cf9
Reviewed-on: https://go-review.googlesource.com/125875Reviewed-by: 's avatarIan Lance Taylor <iant@golang.org>
parent 9dab3847
......@@ -650,15 +650,23 @@ func localRedirect(w ResponseWriter, r *Request, newPath string) {
// file or directory.
//
// If the provided file or directory name is a relative path, it is
// interpreted relative to the current directory and may ascend to parent
// directories. If the provided name is constructed from user input, it
// should be sanitized before calling ServeFile. As a precaution, ServeFile
// will reject requests where r.URL.Path contains a ".." path element.
// interpreted relative to the current directory and may ascend to
// parent directories. If the provided name is constructed from user
// input, it should be sanitized before calling ServeFile.
//
// As a special case, ServeFile redirects any request where r.URL.Path
// As a precaution, ServeFile will reject requests where r.URL.Path
// contains a ".." path element; this protects against callers who
// might unsafely use filepath.Join on r.URL.Path without sanitizing
// it and then use that filepath.Join result as the name argument.
//
// As another special case, ServeFile redirects any request where r.URL.Path
// ends in "/index.html" to the same path, without the final
// "index.html". To avoid such redirects either modify the path or
// use ServeContent.
//
// Outside of those two special cases, ServeFile does not use
// r.URL.Path for selecting the file or directory to serve; only the
// file or directory provided in the name argument is used.
func ServeFile(w ResponseWriter, r *Request, name string) {
if containsDotDot(r.URL.Path) {
// Too many programs use r.URL.Path to construct the argument to
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment