From d532f73360bf4a7c347cd9a3a7427f6551496c4f Mon Sep 17 00:00:00 2001 From: Emile Date: Sun, 22 Mar 2020 15:51:08 +0100 Subject: cleand the download query catcher --- src/http/http.go | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'src/http') diff --git a/src/http/http.go b/src/http/http.go index dc23037..5593969 100644 --- a/src/http/http.go +++ b/src/http/http.go @@ -136,9 +136,13 @@ func pathHandler(w http.ResponseWriter, r *http.Request) { if query["download"] != nil { // strip the file before and after the request - strippedFile := strings.Replace(requestURI, root, "", -1) - strippedFile = strings.Replace(strippedFile, "?download", "", -1) - path := fmt.Sprintf("/download?file=%s", strippedFile) + strippedFile := strings.Replace(requestPath, root, "", -1) + + // base64 encode the file path + strippedFileBase64 := base64.StdEncoding.EncodeToString([]byte(strippedFile)) + + // redirect to the /download handler with the file path and the salted hash + path := fmt.Sprintf("/download?file=%s&hash=%s", strippedFileBase64, query["hash"][0]) http.Redirect(w, r, path, http.StatusSeeOther) return } -- cgit 1.4.1