mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-07 23:13:11 -06:00
Code Issues Packages Projects Releases Wiki Activity

mediaapi/writers/fileutils: Make note of further file path validation todo

Browse source
This commit is contained in:
Robert Swain 2017-05-18 18:00:56 +02:00
parent 7af45e4664
commit 5dd90fbff3
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/github.com/matrix-org/dendrite/mediaapi/writers/fileutils.go
View file

@ -105,6 +105,11 @@ func getPathFromMediaMetadata(m *types.MediaMetadata, absBasePath types.Path) (s
fileName, fileName,
)) ))
// FIXME:
// - validate origin
// - sanitize mediaID (e.g. '/' characters and such)
// - validate length of origin and mediaID according to common filesystem limitations
// check if the absolute absBasePath is a prefix of the absolute filePath // check if the absolute absBasePath is a prefix of the absolute filePath
// if so, no directory escape has occurred and the filePath is valid // if so, no directory escape has occurred and the filePath is valid
// Note: absBasePath is already absolute // Note: absBasePath is already absolute