probablycorey/toes
1
0
Fork 0
forked from defunkt/toes
Code Pull Requests Activity

Fix path normalization in safePath function

Browse Source
This commit is contained in:
Chris Wanstrath 2026-03-01 22:37:46 -08:00
parent c081785d37
commit e17580c366
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apps/code/src/server/index.tsx
View File

@ -9,8 +9,9 @@ import type { Child } from 'hono/jsx'
const APPS_DIR = process.env.APPS_DIR! const APPS_DIR = process.env.APPS_DIR!
const safePath = (base: string, ...segments: string[]) => { const safePath = (base: string, ...segments: string[]) => {
const full = resolve(base, ...segments) const norm = resolve(base)
if (!full.startsWith(base + '/') && full !== base) return null const full = resolve(norm, ...segments)
if (!full.startsWith(norm + '/') && full !== norm) return null
return full return full
} }