authormrw1593 <botahamec@outlook.com>2023-06-03 09:47:46 -0400
committermrw1593 <botahamec@outlook.com>2023-06-03 09:47:46 -0400
commitc47c78773aa4affbf47386ca9080604048ebeace (patch)
tree750416da1f6a6d8d2783f8fe3e4ab095d79df101 /src/resources/scripts.rs
parentf1a64b059d430cd2e334e297c43ae8053104ab05 (diff)
Fixed security bugs with reading files
Diffstat (limited to 'src/resources/scripts.rs')
-rw-r--r--src/resources/scripts.rs5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/resources/scripts.rs b/src/resources/scripts.rs
index 3e2d869..1b27859 100644
--- a/src/resources/scripts.rs
+++ b/src/resources/scripts.rs
@@ -1,7 +1,8 @@
-use std::path::{Path, PathBuf};
+use std::path::Path;
use actix_web::{get, http::StatusCode, web, HttpResponse, ResponseError};
use exun::{Expect, ResultErrorExt};
+use path_clean::clean;
use raise::yeet;
use serde::Serialize;
use thiserror::Error;
@@ -21,7 +22,7 @@ impl ResponseError for LoadScriptError {
}
fn load(script: &str) -> Result<String, Expect<LoadScriptError>> {
- let path = PathBuf::from(format!("static/scripts/{}.js", script));
+ let path = clean(format!("static/scripts/{}.js", script));
if !path.exists() {
yeet!(LoadScriptError::FileNotFound(path.into()).into());
}
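Review bot: The path built by `let path = clean(format!("static/scripts/{}.js", script));` is never checked against the `static/scripts` base, so traversal is only normalised, not rejected: `clean` resolves `..` components lexically, and a `script` value with enough of them still produces a path outside that directory. Add a containment check right after that line, e.g. `if !path.starts_with("static/scripts") { yeet!(LoadScriptError::FileNotFound(path.into()).into()); }`, or reject any `script` containing a path separator before the path is built. `Path::starts_with` compares whole components, so a sibling such as `static/scripts2` does not pass. The body of `load` continues outside the hunk, so it is worth confirming that the later read uses this same checked `path`.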