Diffstat (limited to 'workhorse/internal/upload/rewrite.go')
-rw-r--r-- | workhorse/internal/upload/rewrite.go | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/workhorse/internal/upload/rewrite.go b/workhorse/internal/upload/rewrite.go
index ba6bd0e501a..85063d65c1b 100644
--- a/workhorse/internal/upload/rewrite.go
+++ b/workhorse/internal/upload/rewrite.go
@@ -9,6 +9,7 @@ import (
 "mime/multipart"
 "net/http"
 "os"
+ "path/filepath"
 "strings"
 "github.com/prometheus/client_golang/prometheus"
@@ -117,6 +118,10 @@ func (rew *rewriter) handleFilePart(ctx context.Context, name string, p *multipa
 filename := p.FileName()
+ if opts.FeatureFlagExtractBase {
+ filename = filepath.Base(filename)
+ }
+
 if strings.Contains(filename, "/") || filename == "." || filename == ".." {
 return fmt.Errorf("illegal filename: %q", filename)
 }
@@ -187,7 +192,10 @@ func handleExifUpload(ctx context.Context, r io.Reader, filename string, imageTy
 return nil, err
 }
- tmpfile.Seek(0, io.SeekStart)
+ if _, err := tmpfile.Seek(0, io.SeekStart); err != nil {
+ return nil, err
+ }
+
 isValidType := false
 switch imageType {
 case exif.TypeJPEG:
@@ -196,7 +204,10 @@ func handleExifUpload(ctx context.Context, r io.Reader, filename string, imageTy
 isValidType = isTIFF(tmpfile)
 }
- tmpfile.Seek(0, io.SeekStart)
+ if _, err := tmpfile.Seek(0, io.SeekStart); err != nil {
+ return nil, err
+ }
+
 if !isValidType {
 log.WithContextFields(ctx, log.Fields{
 "filename": filename,
|
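Review bot: With `opts.FeatureFlagExtractBase` set in handleFilePart, a client-supplied filename that carries directory components is silently reduced to its last element and then passes the `illegal filename` check, so a request that used to be rejected now leaves no trace for detection. Consider recording the rewrite before overwriting the value, e.g. `if base := filepath.Base(filename); base != filename { log.WithContextFields(ctx, log.Fields{"filename": filename}).Info("multipart filename reduced to base name") }`. `filepath.Base` also follows the build platform's separator, so on a non-Windows build a backslash-separated name comes back unchanged and is not caught by the `/` check either. A short comment saying that the check below must stay because `Base` can still return `.`, `..` or `/` would help. The function body starts and ends outside the hunk.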
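Review bot: Both new `tmpfile.Seek` guards in handleExifUpload (this hunk and the one at `-196,7`) return the raw error, so a caller or log reader cannot tell a failed rewind from the earlier failure that also ends in `return nil, err`. Wrapping it, e.g. `return nil, fmt.Errorf("rewind exif tempfile: %w", err)`, keeps the cause and names the step. Whether `tmpfile` is closed and removed on these new early returns is not visible here, as the function starts and ends outside both hunks, so that cleanup path is worth confirming.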