]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5d5312c)
net/http: don't call FileSystem.Open with unclean index.html path
authorBrad Fitzpatrick <bradfitz@golang.org>
Mon, 15 Sep 2014 11:14:33 +0000 (07:14 -0400)
committerBrad Fitzpatrick <bradfitz@golang.org>
Mon, 15 Sep 2014 11:14:33 +0000 (07:14 -0400)
Fixes #8722

LGTM=adg
R=adg
CC=golang-codereviews
https://golang.org/cl/142090043

src/net/http/fs.go patch | blob | history
src/net/http/fs_test.go patch | blob | history

diff --git a/src/net/http/fs.go b/src/net/http/fs.go
index bae902cd29c474128e2b9537923fc2a47c466caf..7bd777b712da9ff5961ea28dacd9f1c204ea28b7 100644 (file)
--- a/src/net/http/fs.go
+++ b/src/net/http/fs.go
@@ -381,7 +381,7 @@ func serveFile(w ResponseWriter, r *Request, fs FileSystem, name string, redirec
 
        // use contents of index.html for directory, if present
        if d.IsDir() {
-               index := name + indexPage
+               index := strings.TrimSuffix(name, "/") + indexPage
                ff, err := fs.Open(index)
                if err == nil {
                        defer ff.Close()
diff --git a/src/net/http/fs_test.go b/src/net/http/fs_test.go
index a6f33cc42d0d828b961995ae13327f5f76b7cdd8..8770d9b4109e27f972cc780e436c35951a7b62d7 100644 (file)
--- a/src/net/http/fs_test.go
+++ b/src/net/http/fs_test.go
@@ -877,4 +877,41 @@ func TestLinuxSendfileChild(*testing.T) {
        }
 }
 
+func TestFileServerCleanPath(t *testing.T) {
+       tests := []struct {
+               path     string
+               wantCode int
+               wantOpen []string
+       }{
+               {"/", 200, []string{"/", "/index.html"}},
+               {"/dir", 301, []string{"/dir"}},
+               {"/dir/", 200, []string{"/dir", "/dir/index.html"}},
+       }
+       for _, tt := range tests {
+               var log []string
+               rr := httptest.NewRecorder()
+               req, _ := NewRequest("GET", "http://foo.localhost"+tt.path, nil)
+               FileServer(fileServerCleanPathDir{&log}).ServeHTTP(rr, req)
+               if !reflect.DeepEqual(log, tt.wantOpen) {
+                       t.Logf("For %s: Opens = %q; want %q", tt.path, log, tt.wantOpen)
+               }
+               if rr.Code != tt.wantCode {
+                       t.Logf("For %s: Response code = %d; want %d", tt.path, rr.Code, tt.wantCode)
+               }
+       }
+}
+
+type fileServerCleanPathDir struct {
+       log *[]string
+}
+
+func (d fileServerCleanPathDir) Open(path string) (File, error) {
+       *(d.log) = append(*(d.log), path)
+       if path == "/" || path == "/dir" || path == "/dir/" {
+               // Just return back something that's a directory.
+               return Dir(".").Open(".")
+       }
+       return nil, os.ErrNotExist
+}
+
 type panicOnSeek struct{ io.ReadSeeker }
Go GOST TLS 1.3