ipn/localapi: fix inability to receive taildrop files w/ escaped names

The localapi was double-unescaping: once by net/http populating
the URL, and once by ourselves later. We need to start with the raw
escaped URL if we're doing it ourselves.

Started to write a test but it got invasive. Will have to add those
tests later in a commit that's not being cherry-picked to a release
branch.

Fixes #2288

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
pull/2423/head
Brad Fitzpatrick 3 years ago committed by Brad Fitzpatrick
parent 4f4dae32dd
commit 98ad7f279c

@ -266,7 +266,7 @@ func (h *Handler) serveFiles(w http.ResponseWriter, r *http.Request) {
http.Error(w, "file access denied", http.StatusForbidden) http.Error(w, "file access denied", http.StatusForbidden)
return return
} }
suffix := strings.TrimPrefix(r.URL.Path, "/localapi/v0/files/") suffix := strings.TrimPrefix(r.URL.EscapedPath(), "/localapi/v0/files/")
if suffix == "" { if suffix == "" {
if r.Method != "GET" { if r.Method != "GET" {
http.Error(w, "want GET to list files", 400) http.Error(w, "want GET to list files", 400)

Loading…
Cancel
Save