Skip to content

Commit a6fc660

Browse files
brendensoaresbrendensoares
committed
Bumps version number for patch; Adds comments to static module
1 parent 9b24f89 commit a6fc660

File tree

2 files changed

+30
-23
lines changed

2 files changed

+30
-23
lines changed

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
A high productivity, full-stack web framework for the [Go language](http://www.golang.org).
44

5-
Current Version: 0.11.2 (Nov 23, 2014)
5+
Current Version: 0.11.3 (Jan 3, 2015)
66

77
**As of Revel 0.11.0, Go 1.3+ is required.**
88

modules/static/app/controllers/static.go

Lines changed: 29 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,31 @@ func (c Static) Serve(prefix, filepath string) revel.Result {
5151

5252
return serve(c, prefix, filepath)
5353
}
54+
55+
// This method allows modules to serve binary files. The parameters are the same
56+
// as Static.Serve with the additional module name pre-pended to the list of
57+
// arguments.
58+
func (c Static) ServeModule(moduleName, prefix, filepath string) revel.Result {
59+
// Fix for #503.
60+
prefix = c.Params.Fixed.Get("prefix")
61+
if prefix == "" {
62+
return c.NotFound("")
63+
}
64+
65+
var basePath string
66+
for _, module := range revel.Modules {
67+
if module.Name == moduleName {
68+
basePath = module.Path
69+
}
70+
}
71+
72+
absPath := fpath.Join(basePath, fpath.FromSlash(prefix))
73+
74+
return serve(c, absPath, filepath)
75+
}
76+
77+
78+
// This method allows static serving of application files in a verified manner.
5479
func serve(c Static, prefix, filepath string) revel.Result {
5580
var basePath string
5681
if !fpath.IsAbs(prefix) {
@@ -59,11 +84,13 @@ func serve(c Static, prefix, filepath string) revel.Result {
5984

6085
basePathPrefix := fpath.Join(basePath, fpath.FromSlash(prefix))
6186
fname := fpath.Join(basePathPrefix, fpath.FromSlash(filepath))
87+
// Verify the request file path is within the application's scope of access
6288
if !strings.HasPrefix(fname, basePathPrefix) {
6389
revel.WARN.Printf("Attempted to read file outside of base path: %s", fname)
6490
return c.NotFound("")
6591
}
6692

93+
// Verify file path is accessible
6794
finfo, err := os.Stat(fname)
6895
if err != nil {
6996
if os.IsNotExist(err) || err.(*os.PathError).Err == syscall.ENOTDIR {
@@ -74,11 +101,13 @@ func serve(c Static, prefix, filepath string) revel.Result {
74101
return c.RenderError(err)
75102
}
76103

104+
// Disallow directory listing
77105
if finfo.Mode().IsDir() {
78106
revel.WARN.Printf("Attempted directory listing of %s", fname)
79107
return c.Forbidden("Directory listing not allowed")
80108
}
81109

110+
// Open request file path
82111
file, err := os.Open(fname)
83112
if err != nil {
84113
if os.IsNotExist(err) {
@@ -90,25 +119,3 @@ func serve(c Static, prefix, filepath string) revel.Result {
90119
}
91120
return c.RenderFile(file, revel.Inline)
92121
}
93-
94-
// This method allows modules to serve binary files. The parameters are the same
95-
// as Static.Serve with the additional module name pre-pended to the list of
96-
// arguments.
97-
func (c Static) ServeModule(moduleName, prefix, filepath string) revel.Result {
98-
// Fix for #503.
99-
prefix = c.Params.Fixed.Get("prefix")
100-
if prefix == "" {
101-
return c.NotFound("")
102-
}
103-
104-
var basePath string
105-
for _, module := range revel.Modules {
106-
if module.Name == moduleName {
107-
basePath = module.Path
108-
}
109-
}
110-
111-
absPath := fpath.Join(basePath, fpath.FromSlash(prefix))
112-
113-
return serve(c, absPath, filepath)
114-
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy