mirror of
https://github.com/bestnite/sub2clash.git
synced 2025-10-26 09:11:01 +00:00
43 lines
1.1 KiB
Go
43 lines
1.1 KiB
Go
package common
|
|
|
|
import (
|
|
"io"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
)
|
|
|
|
const templatesDir = "templates"
|
|
|
|
// LoadTemplate 只读取运行目录下的 templates 目录,防止其他文件内容泄漏
|
|
func LoadTemplate(templateName string) ([]byte, error) {
|
|
// 清理路径,防止目录遍历攻击
|
|
cleanTemplateName := filepath.Clean(templateName)
|
|
|
|
// 检查是否尝试访问父目录
|
|
if strings.HasPrefix(cleanTemplateName, "..") || strings.Contains(cleanTemplateName, string(filepath.Separator)+".."+string(filepath.Separator)) {
|
|
return nil, NewFileNotFoundError(templateName) // 拒绝包含父目录的路径
|
|
}
|
|
|
|
// 构建完整路径,确保只从 templates 目录读取
|
|
fullPath := filepath.Join(templatesDir, cleanTemplateName)
|
|
|
|
if _, err := os.Stat(fullPath); err == nil {
|
|
file, err := os.Open(fullPath)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer func(file *os.File) {
|
|
if file != nil {
|
|
_ = file.Close()
|
|
}
|
|
}(file)
|
|
result, err := io.ReadAll(file)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return result, nil
|
|
}
|
|
return nil, NewFileNotFoundError(templateName)
|
|
}
|