mirror of https://github.com/actix/actix-website synced 2024-11-27 10:02:57 +01:00

Remove invalid docs regarding parsing PathBuf (#230)

This paragraph is no longer valid since v1.0!

Also, the example code still compiles fine and this may easily introduce
a security vulnerability for the user.
Ali MJ Al-Nasrawy 2021-06-01 15:04:35 +03:00 committed by GitHub
parent 63d70701e0
commit 09ad5775ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 0 additions and 37 deletions

@ -259,24 +259,6 @@ Specific values can be retrieved with [`Path::get()`][pathget].
For this example for path '/a/1/2/', values v1 and v2 will resolve to "1" and "2".
It is possible to create a `PathBuf` from a tail path parameter. The returned `PathBuf` is
percent-decoded. If a segment is equal to "..", the previous segment (if
any) is skipped.
For security purposes, if a segment meets any of the following conditions,
an `Err` is returned indicating the condition met:
* Decoded segment starts with any of: `.` (except `..`), `*`
* Decoded segment ends with any of: `:`, `>`, `<`
* Decoded segment contains any of: `/`
* On Windows, decoded segment contains any of: '\'
* Percent-encoding results in invalid UTF8.
As a result of these conditions, a `PathBuf` parsed from request path parameter is
safe to interpolate within, or use as a suffix of, a path without additional checks.
{{< include-example example="url-dispatch" file="pbuf.rs" section="pbuf" >}}
## Path information extractor
Actix provides functionality for type safe path information extraction. [*Path*][pathstruct]
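
Review bot: The paragraph ending in "safe to interpolate within, or use as a suffix of, a path without additional checks" is removed with nothing put in its place, so this page no longer says how a tail path parameter should be handled. The commit message notes that the old example still compiles, which means readers who learned the pattern from earlier versions of this page get no signal that the guarantee is gone. Suggest replacing the paragraph with a short caution: a tail path parameter is request-controlled input, parsing it into `std::path::PathBuf` performs none of the segment checks listed here, and it must be validated before it is joined to a filesystem path.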

@ -7,7 +7,6 @@ pub mod norm;
pub mod norm2;
pub mod path;
pub mod path2;
pub mod pbuf;
pub mod resource;
pub mod scope;
pub mod url_ext;

@ -1,18 +0,0 @@
// <pbuf>
use actix_web::{get, App, HttpRequest, HttpServer, Result};
use std::path::PathBuf;
#[get("/a/{tail:.*}")]
async fn index(req: HttpRequest) -> Result<String> {
let path: PathBuf = req.match_info().query("tail").parse().unwrap();
Ok(format!("Path {:?}", path))
}
#[actix_web::main]
async fn main() -> std::io::Result<()> {
HttpServer::new(|| App::new().service(index))
.bind("127.0.0.1:8080")?
.run()
.await
}
// </pbuf>
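
Review bot: In the deleted handler, `req.match_info().query("tail").parse().unwrap()` targets `std::path::PathBuf`, whose `FromStr` implementation is infallible and does no filtering, so the `unwrap()` can never fire and whatever `{tail:.*}` matched, `..` segments included, is copied into `path` as-is by the parse. That is worth spelling out in the commit message, because "no longer valid" does not tell a reader what this code actually does now. Deleting the file is the right call; consider a follow-up example that rejects such segments before the path is used, so the url-dispatch examples still show a safe way to consume a tail match.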