diff options
author | Nick Thomas <nick@gitlab.com> | 2017-08-29 16:29:58 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2017-08-29 16:29:58 +0300 |
commit | 36f16fdf8b02854e1693a7986d167157f03646d4 (patch) | |
tree | 8d2827aad3d201db2e14bcdd71a74436611de970 | |
parent | 34a68fc5297982c62c5b3947be84555fe3a99dc3 (diff) | |
parent | 5f15bedf87e3f2b34331c9a57cd8ec809cc26e16 (diff) |
Merge branch 'pages-gz-symlink-0.4.4' into '0-4-stable'v0.4.40-4-stable
Don't serve statically-compiled `.gz` files that are symlinks (v0.4.4)
See merge request gitlab/gitlab-pages!2
-rw-r--r-- | CHANGELOG | 3 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | domain.go | 6 | ||||
-rw-r--r-- | domain_test.go | 2 | ||||
-rw-r--r-- | shared/pages/group/group.test.io/public/gz-symlink | 1 | ||||
l--------- | shared/pages/group/group.test.io/public/gz-symlink.gz | 1 |
6 files changed, 10 insertions, 5 deletions
@@ -1,3 +1,6 @@ +v 0.4.4 +- Don't serve statically-compiled `.gz` files that are symlinks + v 0.4.3 - Fix domain lookups when Pages is exposed on non-default ports @@ -1 +1 @@ -0.4.3 +0.4.4 @@ -35,8 +35,7 @@ func acceptsGZip(r *http.Request) bool { func (d *domain) serveFile(w http.ResponseWriter, r *http.Request, fullPath string) error { // Open and serve content of file if acceptsGZip(r) { - _, err := os.Stat(fullPath + ".gz") - if err == nil { + if fi, err := os.Lstat(fullPath + ".gz"); err == nil && fi.Mode().IsRegular() { // Set the content type based on the non-gzipped extension _, haveType := w.Header()["Content-Type"] if !haveType { @@ -70,8 +69,7 @@ func (d *domain) serveCustomFile(w http.ResponseWriter, r *http.Request, code in // Open and serve content of file ext := filepath.Ext(fullPath) if acceptsGZip(r) { - _, err := os.Stat(fullPath + ".gz") - if err == nil { + if fi, err := os.Lstat(fullPath + ".gz"); err == nil && fi.Mode().IsRegular() { // Serve up the gzipped version fullPath += ".gz" w.Header().Set("Content-Encoding", "gzip") diff --git a/domain_test.go b/domain_test.go index b4879ee0..6ca1424f 100644 --- a/domain_test.go +++ b/domain_test.go @@ -121,6 +121,8 @@ func TestGroupServeHTTPGzip(t *testing.T) { {"GET", "http://group.test.io/", nil, ";; gzip", "main-dir", false}, {"GET", "http://group.test.io/", nil, "middle-out", "main-dir", false}, {"GET", "http://group.test.io/", nil, "gzip; quality=1", "main-dir", false}, + // Symlinked .gz files are not supported + {"GET", "http://group.test.io/gz-symlink", nil, "*", "data", false}, } for _, tt := range testSet { diff --git a/shared/pages/group/group.test.io/public/gz-symlink b/shared/pages/group/group.test.io/public/gz-symlink new file mode 100644 index 00000000..6320cd24 --- /dev/null +++ b/shared/pages/group/group.test.io/public/gz-symlink @@ -0,0 +1 @@ +data
\ No newline at end of file diff --git a/shared/pages/group/group.test.io/public/gz-symlink.gz b/shared/pages/group/group.test.io/public/gz-symlink.gz new file mode 120000 index 00000000..28e14853 --- /dev/null +++ b/shared/pages/group/group.test.io/public/gz-symlink.gz @@ -0,0 +1 @@ +../config.json
\ No newline at end of file |