Blocked dir traversal - fiche - A pastebin adjusted for gopher use
 (HTM) git clone git://vernunftzentrum.de/fiche.git
 (DIR) Log
 (DIR) Files
 (DIR) Refs
 (DIR) LICENSE
       ---
 (DIR) commit 680bb77f2c2cd4e39344502268f4552932052881
 (DIR) parent 12205151078b89e48cee70ee450207a39046ae57
 (HTM) Author: solusipse <solus1ps3@gmail.com>
       Date:   Mon,  9 Oct 2017 20:15:22 +0200
       
       Blocked dir traversal
       
       Diffstat:
         extras/lines/lines.py               |       8 ++++++--
       
       1 file changed, 6 insertions(+), 2 deletions(-)
       ---
 (DIR) diff --git a/extras/lines/lines.py b/extras/lines/lines.py
       @@ -19,14 +19,18 @@ def main():
        @app.route('/<slug>')
        def beautify(slug):
            # Return 404 in case of urls longer than 64 chars
       -    if (len(slug) > 64):
       +    if len(slug) > 64:
                abort(404)
        
            # Create path for the target dir
            target_dir = os.path.join(args.root_dir, slug)
        
       +    # Block directory traversal attempts
       +    if not target_dir.startswith(args.root_dir):
       +        abort(404)
       +
            # Check if directory with requested slug exists
       -    if (os.path.isdir(target_dir)):
       +    if os.path.isdir(target_dir):
                target_file = os.path.join(target_dir, "index.txt")
                
                # File index.txt found inside that dir