fix path to filepath

2026-02-02 16:31:11 +08:00 · 2025-10-21 15:06:26 +08:00 · 2025-10-21 15:06:26 +08:00 · e4aaaa1583
commit e4aaaa1583
parent 1361f6e237
1 changed files with 3 additions and 9 deletions
--- a/context.go
+++ b/context.go
@ -18,7 +18,6 @@ import (
 	"net/netip"
 	"net/url"
 	"os"
-	"path"
 	"path/filepath"
 	"strings"
 	"sync"
@ -284,17 +283,12 @@ func (c *Context) Text(code int, text string) {
 // FileText
 func (c *Context) FileText(code int, filePath string) {
 	// 清理path
-	cleanPath := path.Clean(filePath)
+	cleanPath := filepath.Clean(filePath)
 	if !filepath.IsAbs(cleanPath) {
 		c.AddError(fmt.Errorf("relative path not allowed: %s", cleanPath))
 		c.ErrorUseHandle(http.StatusBadRequest, fmt.Errorf("relative path not allowed"))
 		return
 	}
-	if strings.Contains(cleanPath, "..") {
-		c.AddError(fmt.Errorf("path traversal attempt detected: %s", cleanPath))
-		c.ErrorUseHandle(http.StatusBadRequest, fmt.Errorf("path traversal attempt detected"))
-		return
-	}
 	// 检查文件是否存在
 	if _, err := os.Stat(cleanPath); os.IsNotExist(err) {
 		c.AddError(fmt.Errorf("file not found: %s", cleanPath))
@ -868,7 +862,7 @@ func (c *Context) GetRequestURIPath() string {
 // 将文件内容作为响应body
 func (c *Context) SetRespBodyFile(code int, filePath string) {
 	// 清理path
-	cleanPath := path.Clean(filePath)
+	cleanPath := filepath.Clean(filePath)

 	// 打开文件
 	file, err := os.Open(cleanPath)
@ -888,7 +882,7 @@ func (c *Context) SetRespBodyFile(code int, filePath string) {
 	}

 	// 尝试根据文件扩展名猜测 Content-Type
-	contentType := mime.TypeByExtension(path.Ext(cleanPath))
+	contentType := mime.TypeByExtension(filepath.Ext(cleanPath))
 	if contentType == "" {
 		// 如果无法猜测，则使用默认的二进制流类型
 		contentType = "application/octet-stream"