Cypherpunks repositories - gostls13.git/commit

author	Brad Fitzpatrick <bradfitz@golang.org>
	Tue, 26 Jan 2016 19:57:19 +0000 (19:57 +0000)
committer	Brad Fitzpatrick <bradfitz@golang.org>
	Wed, 27 Jan 2016 17:11:22 +0000 (17:11 +0000)
commit	9b67a5de79af56541c48c95c6d7ddc8630e1d0dc
tree	52d147ee0dc6499d3b3667f8fb07617569f0a20e	tree
parent	158f19b259da623c1afcfaa1812a71601aa2d2a8	commit \| diff

net/http: add protections against misuse of ServeFile

Martin Lenord pointed out that bad patterns have emerged in online
examples of how to use ServeFile, where people pass r.URL.Path[1:] to
ServeFile. This is unsafe. Document that it's unsafe, and add some
protections.

Fixes #14110

Change-Id: Ifeaa15534b2b3e46d3a8137be66748afa8fcd634
Reviewed-on: https://go-review.googlesource.com/18939
Reviewed-by: Andrew Gerrand <adg@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>

src/net/http/fs.go		diff \| blob \| history
src/net/http/fs_test.go		diff \| blob \| history