Use Absolutize for files that do not exist

Canonicalize relies on the file existing to resolve the potential traversal, which won't work for file upload in case the file name has a traversal inside it.
2020-10-17 19:22:55 -04:00
parent 6c9c80f61d
commit eccb45ced0
4 changed files with 29 additions and 16 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -26,3 +26,4 @@ walkdir = "2"
 rayon = "1.3"
 notify = "4.0"
 tokio = "0.2"
+path-absolutize = "3.0.6"