From e88d2bf42c4592a61051b1e2e606facc22db6288 Mon Sep 17 00:00:00 2001
From: Nils Pukropp
Date: Fri, 27 Mar 2026 14:30:51 +0100
Subject: [PATCH] cargo fmt
---
 backend/src/handlers/posts.rs | 5 ++++-
 backend/src/handlers/upload.rs | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/backend/src/handlers/posts.rs b/backend/src/handlers/posts.rs
index a30df0e..dd0359f 100644
--- a/backend/src/handlers/posts.rs
+++ b/backend/src/handlers/posts.rs
@@ -33,7 +33,10 @@ pub async fn create_post(
 // Handle renaming
 if let Some(ref old_slug) = payload.old_slug {
 if old_slug != &payload.slug {
- let old_file_path = state.data_dir.join("posts").join(format!("{}.md", old_slug));
+ let old_file_path = state
+ .data_dir
+ .join("posts")
+ .join(format!("{}.md", old_slug));
 if old_file_path.exists() {
 // If new path already exists and it's different from old path, error out
 if file_path.exists() {
diff --git a/backend/src/handlers/upload.rs b/backend/src/handlers/upload.rs
index 7aa45d7..583fba3 100644
--- a/backend/src/handlers/upload.rs
+++ b/backend/src/handlers/upload.rs
@@ -1,6 +1,6 @@
 use axum::{
 Json,
- extract::{Multipart, State, Path, Query},
+ extract::{Multipart, Path, Query, State},
 http::{HeaderMap, StatusCode},
 };
 use serde::Deserialize;
@@ -27,7 +27,7 @@ pub async fn delete_upload(
 check_auth(&headers, &state.admin_token)?;
 let file_path = state.data_dir.join("uploads").join(&filename);
-
+
 // Security check to prevent directory traversal
 if file_path.parent() != Some(&state.data_dir.join("uploads")) {
 return Err(AppError::BadRequest("Invalid filename".to_string()));
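Review bot: The directory-traversal guard in `delete_upload` (backend/src/handlers/upload.rs) is a purely lexical comparison: `Path::parent()` only strips the final component, so a `filename` that is itself `..` still has `uploads` as its parent and passes, leaving `file_path` resolving to the data directory. I would validate the name before the join instead, requiring exactly one normal component: `let mut parts = std::path::Path::new(&filename).components();` followed by `if !matches!((parts.next(), parts.next()), (Some(std::path::Component::Normal(_)), None)) { return Err(AppError::BadRequest("Invalid filename".to_string())); }` (fully qualified because this file imports axum's `Path`). The reformatted `old_file_path` join in `create_post` (backend/src/handlers/posts.rs) builds a path from `payload.old_slug` with no validation visible in its hunk; if none exists earlier in the function, the same single-component check belongs there. Both function bodies start and end outside their hunks, so what happens to these paths afterwards is not visible here.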