mirror of https://github.com/actix/examples synced 2024-11-30 17:14:35 +01:00

Sanitize filename

Yuki Okushi 2020-05-19 13:48:49 +09:00
parent bc6f614f78
commit 7823473f8d
No known key found for this signature in database
GPG Key ID: B0986C85C0E2DAA1
6 changed files with 6 additions and 3 deletions


@ -15,3 +15,4 @@ actix-multipart = "0.2.0"
actix-web = "2.0.0" actix-web = "2.0.0"
actix-rt = "1.0.0" actix-rt = "1.0.0"
async-std = "1.4.0" async-std = "1.4.0"
sanitize-filename = "0.2"


@ -12,7 +12,7 @@ async fn save_file(mut payload: Multipart) -> Result<HttpResponse, Error> {
let filename = content_type let filename = content_type
.get_filename() .get_filename()
.ok_or_else(|| actix_web::error::ParseError::Incomplete)?; .ok_or_else(|| actix_web::error::ParseError::Incomplete)?;
let filepath = format!("./tmp/{}", filename); let filepath = format!("./tmp/{}", sanitize_filename::sanitize(&filename));
let mut f = async_std::fs::File::create(filepath).await?; let mut f = async_std::fs::File::create(filepath).await?;
// Field in turn is stream of *Bytes* object // Field in turn is stream of *Bytes* object
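Review bot: The sanitized name is still chosen by the client, and `File::create` on the following line truncates any existing file, so two uploads with the same filename silently overwrite each other inside `./tmp`. `sanitize_filename::sanitize` may also return an empty string for a name made up only of rejected characters (worth confirming against the crate's documentation), which would leave `./tmp/` as the path and turn the request into an I/O error. Consider opening the file with `async_std::fs::OpenOptions::new().write(true).create_new(true).open(filepath).await?`, or storing the upload under a server-generated name and keeping the client's name as metadata only. The same applies to the `format!("./tmp/{}", ...)` line in the other `save_file` hunk of this commit; the function body continues outside this hunk.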


@ -17,3 +17,4 @@ bytes = { version = "0.5", features = ["serde"] }
serde = { version = "1.0.104", features = ["derive"] } serde = { version = "1.0.104", features = ["derive"] }
serde_json = "1.0" serde_json = "1.0"
dotenv = "0.15.0" dotenv = "0.15.0"
sanitize-filename = "0.2"


@ -78,7 +78,7 @@ pub async fn split_payload(payload: &mut Multipart) -> (bytes::Bytes, Vec<Tmpfil
} else { } else {
match content_type.get_filename() { match content_type.get_filename() {
Some(filename) => { Some(filename) => {
let tmp_file = Tmpfile::new(filename); let tmp_file = Tmpfile::new(&sanitize_filename::sanitize(&filename));
let tmp_path = tmp_file.tmp_path.clone(); let tmp_path = tmp_file.tmp_path.clone();
let mut f = web::block(move || std::fs::File::create(&tmp_path)) let mut f = web::block(move || std::fs::File::create(&tmp_path))
.await .await
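Review bot: Sanitizing at the call site leaves `Tmpfile::new` accepting any string, so a later caller that forgets the wrapper reintroduces the path problem this commit fixes. `Tmpfile::new` is not visible in this hunk, but `tmp_path` appears to be derived from its argument, so the call to `sanitize_filename::sanitize` would presumably be safer inside the constructor. Failing that, a comment on this line such as `// filename comes from the client's Content-Disposition header; never pass it to Tmpfile::new unsanitized` would record the requirement. The match arm continues outside the hunk.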


@ -14,3 +14,4 @@ actix-multipart = "0.2.0"
actix-rt = "1.0.0" actix-rt = "1.0.0"
actix-web = "2.0.0" actix-web = "2.0.0"
futures = "0.3.1" futures = "0.3.1"
sanitize-filename = "0.2"


@ -9,7 +9,7 @@ async fn save_file(mut payload: Multipart) -> Result<HttpResponse, Error> {
while let Ok(Some(mut field)) = payload.try_next().await { while let Ok(Some(mut field)) = payload.try_next().await {
let content_type = field.content_disposition().unwrap(); let content_type = field.content_disposition().unwrap();
let filename = content_type.get_filename().unwrap(); let filename = content_type.get_filename().unwrap();
let filepath = format!("./tmp/{}", filename); let filepath = format!("./tmp/{}", sanitize_filename::sanitize(&filename));
// File::create is blocking operation, use threadpool // File::create is blocking operation, use threadpool
let mut f = web::block(|| std::fs::File::create(filepath)) let mut f = web::block(|| std::fs::File::create(filepath))
.await .await
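Review bot: The two `.unwrap()` calls on `field.content_disposition()` and `content_type.get_filename()` panic when a multipart field arrives without a Content-Disposition header or without a filename, and the client controls both. The async-std variant of this handler in the same commit already returns an error in that case, and the same form works here: `.ok_or_else(|| actix_web::error::ParseError::Incomplete)?`. The function body continues outside the hunk.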