~aw/mygit#38: 
readme link is broken in tree

Status
REPORTED
Submitter
~aw
Assigned to
No-one
Submitted
2 months ago
Updated
2 months ago
Labels
No labels applied.

~aw 2 months ago

returns 502 error

Johann Galle 2 months ago · edit

For canonicalize to work properly, the path has to exist (because it would e.g. also try to resolve symbolic links). See https://doc.rust-lang.org/std/fs/fn.canonicalize.html.

So std::path::Path::canonicalize a.k.a. std::fs::canonicalize will not work as in commit 4804f67.

To my knowledge the URL library already takes care of canonicalizing the path component of the URL, see this playground: https://play.rust-lang.org/?code=fn%20main%28%29%20%7B%0A%20%20%20%20let%20url%20%3D%20url%3A%3AUrl%3A%3Aparse%28%22http%3A%2F%2Fexample.com%2F.%2Fx%2F..%2F%22%29.unwrap%28%29%3B%0A%20%20%20%20println%21%28%22%7B%7D%22%2C%20url%29%3B%0A%7D

~aw 2 months ago

Hm, the issue someone pointed out to me was a path traversal bug, if someone sent a url encoded “../..” parameter for example

Alex

On Jul 18, 2021, at 11:38 PM, Johann Galle outgoing@sr.ht wrote:

For canonicalize to work properly, the path has to exist (because it

would e.g. also try to resolve symbolic links). See https://doc.rust- lang.org/std/fs/fn.canonicalize.html.

So std::path::Path::canonicalize a.k.a. std::fs::canonicalize will not work as in commit 4804f67.

To my knowledge the URL library already takes care of canonicalizing the path component of the URL, see this playground: https://play.rust-lang.org/?code=fn%20main%28%29%20%7B%0A%2 0%20%20%20let%20url%20%3D%20url%3A%3AUrl%3A%3Aparse%28%22http%3A%2F%2Fex ample.com%2F.%2Fx%2F..%2F%22%29.unwrap%28%29%3B%0A%20%20%20%20println%21 %28%22%7B%7D%22%2C%20url%29%3B%0A%7D

-- View on the web: https://todo.sr.ht/~aw/mygit/38#event-91621

Johann Galle 2 months ago · edit

I should have actually pulled the most recent version, now I see the real problem. Sorry.

The issue has nothing to do with the readme, but Syntect is having issues with Markdown files. See also https://github.com/trishume/syntect/issues/336. I think that this issue will be fixed soon, seeing that there is already an approved pull request open for it. Reverting to an older version does not work, because that is missing some functions we need.

Register here or Log in to comment, or comment via email.