(raw string)
| 745 | } |
| 746 | |
| 747 | func normalizeContentPathRelativeInput(raw string) (string, error) { |
| 748 | trimmed := strings.TrimSpace(raw) |
| 749 | if trimmed == "" { |
| 750 | return "", errors.New("content path is required") |
| 751 | } |
| 752 | |
| 753 | trimmed = strings.ReplaceAll(trimmed, "\\", "/") |
| 754 | normalized := filepath.Clean(filepath.FromSlash(trimmed)) |
| 755 | if filepath.IsAbs(normalized) { |
| 756 | return "", errors.New("absolute paths are not allowed") |
| 757 | } |
| 758 | if normalized == ".." || strings.HasPrefix(normalized, ".."+string(filepath.Separator)) { |
| 759 | return "", errors.New("path traversal detected") |
| 760 | } |
| 761 | |
| 762 | return normalized, nil |
| 763 | } |
| 764 | |
| 765 | func resolveProxyContentPath(basePath, relativePath string) (string, error) { |
| 766 | cleanBase := filepath.Clean(basePath) |
no outgoing calls