'use strict';
|
|
/**
|
* File Inclusion
|
*/
|
|
function pathFilter(path) {
|
|
if (typeof path !== 'string') return path;
|
|
const pathSource = path;
|
|
while (path.indexOf('%') !== -1) {
|
try {
|
path = decodeURIComponent(path);
|
} catch (e) {
|
if (process.env.NODE_ENV !== 'production') {
|
// Not a PROD env, logging with a warning.
|
this.ctx.coreLogger.warn('[egg-security:helper:spath] : decode file path %s failed.', path);
|
}
|
break;
|
}
|
}
|
if (path.indexOf('..') !== -1 || path[0] === '/') {
|
return null;
|
}
|
return pathSource;
|
}
|
|
module.exports = pathFilter;
|
