From b5c4cb1bde8acc2f3588211dba4ea65516c0e453 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Tue, 23 Mar 2021 19:44:37 +0100 Subject: [PATCH] Fix bug on avatar middleware (#15124) (#15126) Co-authored-by: Lunny Xiao --- routers/routes/base.go | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/routers/routes/base.go b/routers/routes/base.go index 12a35936b..743582d4a 100644 --- a/routers/routes/base.go +++ b/routers/routes/base.go @@ -11,6 +11,7 @@ import ( "net/http" "os" "path" + "path/filepath" "strings" "time" @@ -87,13 +88,21 @@ func storageHandler(storageSetting setting.Storage, prefix string, objStore stor return } - if !strings.HasPrefix(req.URL.RequestURI(), "/"+prefix) { + prefix := strings.Trim(prefix, "/") + + if !strings.HasPrefix(req.URL.EscapedPath(), "/"+prefix+"/") { next.ServeHTTP(w, req) return } - rPath := strings.TrimPrefix(req.URL.RequestURI(), "/"+prefix) + rPath := strings.TrimPrefix(req.URL.EscapedPath(), "/"+prefix+"/") rPath = strings.TrimPrefix(rPath, "/") + if rPath == "" { + http.Error(w, "file not found", 404) + return + } + rPath = path.Clean("/" + filepath.ToSlash(rPath)) + rPath = rPath[1:] fi, err := objStore.Stat(rPath) if err == nil && httpcache.HandleTimeCache(req, w, fi) {