24 lines
498 B
Go
24 lines
498 B
Go
package console
|
|
|
|
import (
|
|
"fmt"
|
|
"path/filepath"
|
|
"strings"
|
|
)
|
|
|
|
func SafeJoinPath(tempDir, fileName string) (string, error) {
|
|
// Clean both paths
|
|
tempDir = filepath.Clean(tempDir)
|
|
fileName = filepath.Clean(fileName)
|
|
|
|
// Join paths and clean result
|
|
fullPath := filepath.Clean(filepath.Join(tempDir, fileName))
|
|
|
|
// Verify the path is still within tempDir
|
|
if !strings.HasPrefix(fullPath, tempDir+string(filepath.Separator)) {
|
|
return "", fmt.Errorf("invalid path")
|
|
}
|
|
|
|
return fullPath, nil
|
|
}
|