- commit
- a0926f1
- parent
- d517bbd
- author
- Eric Bower
- date
- 2024-01-02 19:52:05 +0000 UTC
fix(imgs): dont clip ext unless actually file ext Closes: https://github.com/picosh/pico/issues/65
1 files changed,
+13,
-3
+13,
-3
1@@ -7,6 +7,7 @@ import (
2 "io"
3 "net/http"
4 "net/url"
5+ "path/filepath"
6 "time"
7
8 _ "net/http/pprof"
9@@ -297,9 +298,18 @@ func imgRequest(w http.ResponseWriter, r *http.Request) {
10
11 ratio, _ := storage.GetRatio(dimes)
12
13- // users might add the file extension when requesting an image
14- // but we want to remove that
15- slug = shared.SanitizeFileExt(slug)
16+ ext := filepath.Ext(slug)
17+ // Files can contain periods. `filepath.Ext` is greedy and will clip the last period in the slug
18+ // and call that a file extension so we want to be explicit about what
19+ // file extensions we clip here
20+ for _, fext := range cfg.AllowedExt {
21+ if ext == fext {
22+ // users might add the file extension when requesting an image
23+ // but we want to remove that
24+ slug = shared.SanitizeFileExt(slug)
25+ break
26+ }
27+ }
28
29 dbpool := shared.GetDB(r)
30 st := shared.GetStorage(r)