API: Fix paths starting with double leading slash or slash and backslash (#32830)

* API: Fix paths starting with double leading slash or slash and backslash Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2025-02-25 18:55:37 -06:00 · 2021-04-09 11:49:38 +02:00
parent 7c3a528d35
commit 51e4106d1d
1 changed files with 5 additions and 0 deletions
--- a/pkg/api/static/static.go
+++ b/pkg/api/static/static.go
@@ -22,6 +22,7 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"regexp"
 	"strings"
 	"sync"

@@ -154,6 +155,10 @@ func staticHandler(ctx *macaron.Context, log *log.Logger, opt StaticOptions) boo
 			if !strings.HasPrefix(path, "/") {
 				// Disambiguate that it's a path relative to this server
 				path = fmt.Sprintf("/%s", path)
+			} else {
+				// A string starting with // or /\ is interpreted by browsers as a URL, and not a server relative path
+				rePrefix := regexp.MustCompile(`^(?:/\\|/+)`)
+				path = rePrefix.ReplaceAllString(path, "/")
 			}
 			http.Redirect(ctx.Resp, ctx.Req.Request, path, http.StatusFound)
 			return true