lzc256
/
tailscale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ipn/localapi: fix inability to receive taildrop files w/ escaped names 

The localapi was double-unescaping: once by net/http populating
the URL, and once by ourselves later. We need to start with the raw
escaped URL if we're doing it ourselves.

Started to write a test but it got invasive. Will have to add those
tests later in a commit that's not being cherry-picked to a release
branch.

Fixes #2288

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 98ad7f279c)
release-branch/1.10
Brad Fitzpatrick 2021-07-13 15:24:37 -07:00
parent 57b3f17265
commit a1031fb717
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ipn/localapi/localapi.go
View File

@ -264,7 +264,7 @@ func (h *Handler) serveFiles(w http.ResponseWriter, r *http.Request) {
http.Error(w, "file access denied", http.StatusForbidden) http.Error(w, "file access denied", http.StatusForbidden)
return return
} }
suffix := strings.TrimPrefix(r.URL.Path, "/localapi/v0/files/") suffix := strings.TrimPrefix(r.URL.EscapedPath(), "/localapi/v0/files/")
if suffix == "" { if suffix == "" {
if r.Method != "GET" { if r.Method != "GET" {
http.Error(w, "want GET to list files", 400) http.Error(w, "want GET to list files", 400)