diff options
-rw-r--r-- | CHANGELOG | 3 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | domain.go | 4 | ||||
-rw-r--r-- | domain_test.go | 2 | ||||
-rw-r--r-- | shared/pages/group/group.test.io/public/gz-symlink | 1 | ||||
l--------- | shared/pages/group/group.test.io/public/gz-symlink.gz | 1 |
6 files changed, 10 insertions, 3 deletions
@@ -1,3 +1,6 @@ +v 0.5.1 +- Don't serve statically-compiled `.gz` files that are symlinks + v 0.5.0 - Don't try to update domains if reading the update file fails !32 - Add CORS support to GET requests !33 @@ -1 +1 @@ -0.5.0 +0.5.1 @@ -41,8 +41,8 @@ func handleGZip(w http.ResponseWriter, r *http.Request, fullPath string) string gzipPath := fullPath + ".gz" - _, err := os.Stat(gzipPath) - if err != nil { + // Ensure the .gz file is not a symlink + if fi, err := os.Lstat(gzipPath); err != nil || !fi.Mode().IsRegular() { return fullPath } diff --git a/domain_test.go b/domain_test.go index 3ccac7ca..e1d5154f 100644 --- a/domain_test.go +++ b/domain_test.go @@ -122,6 +122,8 @@ func TestGroupServeHTTPGzip(t *testing.T) { {"GET", "http://group.test.io/", nil, ";; gzip", "main-dir", false}, {"GET", "http://group.test.io/", nil, "middle-out", "main-dir", false}, {"GET", "http://group.test.io/", nil, "gzip; quality=1", "main-dir", false}, + // Symlinked .gz files are not supported + {"GET", "http://group.test.io/gz-symlink", nil, "*", "data", false}, } for _, tt := range testSet { diff --git a/shared/pages/group/group.test.io/public/gz-symlink b/shared/pages/group/group.test.io/public/gz-symlink new file mode 100644 index 00000000..6320cd24 --- /dev/null +++ b/shared/pages/group/group.test.io/public/gz-symlink @@ -0,0 +1 @@ +data
\ No newline at end of file diff --git a/shared/pages/group/group.test.io/public/gz-symlink.gz b/shared/pages/group/group.test.io/public/gz-symlink.gz new file mode 120000 index 00000000..28e14853 --- /dev/null +++ b/shared/pages/group/group.test.io/public/gz-symlink.gz @@ -0,0 +1 @@ +../config.json
\ No newline at end of file |