|
|
|
@ -1,6 +1,7 @@
|
|
|
|
|
package core
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"os/user"
|
|
|
|
|
"path"
|
|
|
|
|
"strings"
|
|
|
|
|
)
|
|
|
|
@ -30,14 +31,19 @@ func NewSanitizedPathAtRoot(root, rel string) *Path {
|
|
|
|
|
func buildPathUserSpacesEnabled(rawPath string) *Path {
|
|
|
|
|
if strings.HasPrefix(rawPath, "/~") {
|
|
|
|
|
// Get username and raw path
|
|
|
|
|
username, rawPath := SplitByBefore(rawPath[2:], "/")
|
|
|
|
|
username, path := SplitByBefore(rawPath[2:], "/")
|
|
|
|
|
|
|
|
|
|
// Treat username as a raw path, sanitizing to check for
|
|
|
|
|
// dir traversals
|
|
|
|
|
username = sanitizePath(username)
|
|
|
|
|
// See if this user exists, get their home directory
|
|
|
|
|
user, err := user.Lookup(username)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return NewSanitizedPathAtRoot(Root, rawPath)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Generate user public server root
|
|
|
|
|
userRoot := joinSanitizedPaths(user.HomeDir, "public_"+protocol)
|
|
|
|
|
|
|
|
|
|
// Return sanitized path using user home dir as root
|
|
|
|
|
return NewSanitizedPathAtRoot("/home/"+username+"/public_"+protocol, rawPath)
|
|
|
|
|
return NewSanitizedPathAtRoot(userRoot, path)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Return sanitized path at server root
|
|
|
|
|