defunkt/toes
1
0
Fork 1
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Fix path normalization in safePath function

Browse Source
This commit is contained in:
Chris Wanstrath 2026-03-01 22:37:46 -08:00
parent c081785d37
commit e17580c366
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apps/code/src/server/index.tsx
View File

@ -9,8 +9,9 @@ import type { Child } from 'hono/jsx'
const APPS_DIR = process.env.APPS_DIR!
const safePath = (base: string, ...segments: string[]) => {
const full = resolve(base, ...segments)
if (!full.startsWith(base + '/') && full !== base) return null
const norm = resolve(base)
const full = resolve(norm, ...segments)
if (!full.startsWith(norm + '/') && full !== norm) return null
return full
}