internal/pathutil/pathutil.go

package pathutil

import (
	"path"
	"strings"
)

// Clean cleans up given path and returns a relative path that goes straight
// down to prevent path traversal.
//
// 🚨 SECURITY: This function MUST be used for any user input that is used as
// file system path to prevent path traversal.
func Clean(p string) string {
	p = strings.ReplaceAll(p, `\`, "/")
	return strings.Trim(path.Clean("/"+p), "/")
}
repo/editor: clean up tree path Fixes a security issue reported by @zeripath. 2020-02-19 23:45:02 +08:00			`package pathutil`

			`import (`
			`"path"`
			`"strings"`
			`)`

pathutil: check both styles of `os.PathSeparator` (#7020) 2022-06-07 20:34:46 +08:00			`// Clean cleans up given path and returns a relative path that goes straight`
			`// down to prevent path traversal.`
api: clean file path for updating repo contents (#7859) ## Describe the pull request Link to the issue: closes https://github.com/gogs/gogs/issues/7582 2024-12-14 21:30:34 -05:00			`//`
			`// 🚨 SECURITY: This function MUST be used for any user input that is used as`
			`// file system path to prevent path traversal.`
repo/editor: clean up tree path Fixes a security issue reported by @zeripath. 2020-02-19 23:45:02 +08:00			`func Clean(p string) string {`
pathutil: check both styles of `os.PathSeparator` (#7020) 2022-06-07 20:34:46 +08:00			p = strings.ReplaceAll(p, `\`, "/")
repo/editor: clean up tree path Fixes a security issue reported by @zeripath. 2020-02-19 23:45:02 +08:00			`return strings.Trim(path.Clean("/"+p), "/")`
			`}`