Skip to content

How to handle root with ..? #42

New issue
New issue
Closed
#43
Closed
How to handle root with ..?#42
#43
@eriksjolund

Description

@eriksjolund
eriksjolund
opened on Jan 9, 2025

If root would contain .. this would be more correct

diff --git a/join.go b/join.go
index e0ee3f2..e3d5629 100644
--- a/join.go
+++ b/join.go
@@ -115,7 +115,7 @@ func SecureJoinVFS(root, unsafePath string, vfs VFS) (string, error) {
        // There should be no lexical components like ".." left in the path here,
        // but for safety clean up the path before joining it to the root.
        finalPath := filepath.Join(string(filepath.Separator), currentPath)
-       return filepath.Join(root, finalPath), nil
+       return root + string(os.PathSeparator) + finalPath, nil
 }
 
 // SecureJoin is a wrapper around [SecureJoinVFS] that just uses the [os].* library

Or maybe an error should be returned if the root contains ..?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions