diff options
author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2019-11-28 18:23:57 +0300 |
---|---|---|
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2019-11-28 18:23:57 +0300 |
commit | bd16d63cd84f28c3992f45eef9b57c93b3cc572b (patch) | |
tree | 9240d070f4c5d5b0ac9485720cbcaca7a2c8ee2a /internal/source/gitlab/gitlab.go | |
parent | 738d560e79d3488277fa1355a5df4484c32a251c (diff) |
Sanitize pages URL before calculating lookup path
Diffstat (limited to 'internal/source/gitlab/gitlab.go')
-rw-r--r-- | internal/source/gitlab/gitlab.go | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/internal/source/gitlab/gitlab.go b/internal/source/gitlab/gitlab.go index 4abfe225..7df07f9c 100644 --- a/internal/source/gitlab/gitlab.go +++ b/internal/source/gitlab/gitlab.go @@ -3,6 +3,7 @@ package gitlab import ( "errors" "net/http" + "path" "strings" "gitlab.com/gitlab-org/gitlab-pages/internal/domain" @@ -54,7 +55,9 @@ func (g *Gitlab) Resolve(r *http.Request) (*serving.LookupPath, string, error) { } for _, lookup := range response.LookupPaths { - if strings.Contains(r.URL.Path, lookup.Prefix) { + urlPath := path.Clean(r.URL.Path) + + if strings.HasPrefix(urlPath, lookup.Prefix) { lookupPath := &serving.LookupPath{ Prefix: lookup.Prefix, Path: strings.TrimPrefix(lookup.Source.Path, "/"), @@ -64,9 +67,9 @@ func (g *Gitlab) Resolve(r *http.Request) (*serving.LookupPath, string, error) { ProjectID: uint64(lookup.ProjectID), } - requestPath := strings.TrimPrefix(r.URL.Path, lookup.Prefix) + requestPath := strings.TrimPrefix(urlPath, lookup.Prefix) - return lookupPath, requestPath, nil + return lookupPath, strings.TrimPrefix(requestPath, "/"), nil } } |