mirror of
https://github.com/lxsang/silk.git
synced 2024-12-25 12:38:21 +01:00
feat: AssetController shall denies access to files in folder that has a .DENIED file
All checks were successful
gitea-sync/silk/pipeline/head This commit looks good
All checks were successful
gitea-sync/silk/pipeline/head This commit looks good
This commit is contained in:
parent
14e20cf41e
commit
824769dee2
@ -1,5 +1,5 @@
|
||||
# initialise autoconf and set up some basic information about the program we’re packaging
|
||||
AC_INIT([silk], [0.1.1], [xsang.le@gmail.com])
|
||||
AC_INIT([silk], [0.2.0], [xsang.le@gmail.com])
|
||||
|
||||
# We’re going to use automake for this project
|
||||
# [subdir-objects] if needed
|
||||
|
@ -93,8 +93,19 @@ function AssetController:index(...)
|
||||
end
|
||||
|
||||
function AssetController:get(...)
|
||||
local path = WWW_ROOT..DIR_SEP..implode({...}, DIR_SEP)
|
||||
|
||||
-- check for access in all parent DIR
|
||||
local DENIEDF = ".DENIED"
|
||||
local curr_dir = WWW_ROOT
|
||||
local args = {...}
|
||||
for i, v in ipairs(explode(args[1], "/")) do
|
||||
LOG_DEBUG("Checking acess for %s", curr_dir)
|
||||
if ulib.exists(curr_dir..DIR_SEP..DENIEDF) then
|
||||
self:error("Access forbidden: "..curr_dir)
|
||||
return false
|
||||
end
|
||||
curr_dir = curr_dir..DIR_SEP..v
|
||||
end
|
||||
local path = WWW_ROOT..DIR_SEP..implode(args, DIR_SEP)
|
||||
if self.registry.fileaccess and ulib.exists(path) then
|
||||
local mime = std.mimeOf(path)
|
||||
if POLICY.mimes[mime] then
|
||||
|
Loading…
Reference in New Issue
Block a user