|
@ -20,6 +20,14 @@ import ( |
|
|
"github.com/zenazn/goji/web" |
|
|
"github.com/zenazn/goji/web" |
|
|
) |
|
|
) |
|
|
|
|
|
|
|
|
|
|
|
var fileBlacklist = map[string]bool{ |
|
|
|
|
|
"favicon.ico": true, |
|
|
|
|
|
"index.htm": true, |
|
|
|
|
|
"index.html": true, |
|
|
|
|
|
"index.php": true, |
|
|
|
|
|
"robots.txt": true, |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
// Describes metadata directly from the user request
|
|
|
// Describes metadata directly from the user request
|
|
|
type UploadRequest struct { |
|
|
type UploadRequest struct { |
|
|
src io.Reader |
|
|
src io.Reader |
|
@ -227,6 +235,10 @@ func processUpload(upReq UploadRequest) (upload Upload, err error) { |
|
|
fileexists = err == nil |
|
|
fileexists = err == nil |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if fileBlacklist[strings.ToLower(upload.Filename)] { |
|
|
|
|
|
return upload, errors.New("Prohibited filename") |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
dst, err := os.Create(path.Join(Config.filesDir, upload.Filename)) |
|
|
dst, err := os.Create(path.Join(Config.filesDir, upload.Filename)) |
|
|
if err != nil { |
|
|
if err != nil { |
|
|
return |
|
|
return |
|
|