diff --git a/include/crow/http_response.h b/include/crow/http_response.h
index 505c7c3f1..bfae40517 100644
--- a/include/crow/http_response.h
+++ b/include/crow/http_response.h
@@ -214,10 +214,16 @@ namespace crow
 int statResult;
 };
 
- ///Return a static file as the response body
+ /// Return a static file as the response body
 void set_static_file_info(std::string path)
 {
 utility::sanitize_filename(path);
+ set_static_file_info_unsafe(path);
+ }
+
+ /// Return a static file as the response body without sanitizing the path (use set_static_file_info instead)
+ void set_static_file_info_unsafe(std::string path)
+ {
 file_info.path = path;
 file_info.statResult = stat(file_info.path.c_str(), &file_info.statbuf);
 #ifdef CROW_ENABLE_COMPRESSION
@@ -243,6 +249,7 @@ namespace crow
 else
 {
 code = 404;
+ file_info.path.clear();
 this->end();
 }
 }
diff --git a/include/crow/mustache.h b/include/crow/mustache.h
index b660c87fc..902d59970 100644
--- a/include/crow/mustache.h
+++ b/include/crow/mustache.h
@@ -631,6 +631,13 @@ namespace crow
 }
 
 inline std::string load_text(const std::string& filename)
+ {
+ std::string filename_sanitized(filename);
+ utility::sanitize_filename(filename_sanitized);
+ return detail::get_loader_ref()(filename_sanitized);
+ }
+
+ inline std::string load_text_unsafe(const std::string& filename)
 {
 return detail::get_loader_ref()(filename);
 }
@@ -641,5 +648,10 @@ namespace crow
 utility::sanitize_filename(filename_sanitized);
 return compile(detail::get_loader_ref()(filename_sanitized));
 }
+
+ inline template_t load_unsafe(const std::string& filename)
+ {
+ return compile(detail::get_loader_ref()(filename));
+ }
 } // namespace mustache
 } // namespace crow
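Review bot: The doc comment on `set_static_file_info_unsafe` tells the reader to prefer the sanitizing overload but not what they take on by skipping `utility::sanitize_filename`: whatever string is passed reaches `stat()` unchanged, so a path built from request data is presumably exposed to the traversal case the sanitizer is there to stop. I would state the precondition at the declaration, e.g. `/// Return a static file as the response body without sanitizing the path; the caller must guarantee the path is trusted and never derived from request input.` A smaller point in the same hunk: `set_static_file_info` already owns `path` by value and now copies it again when forwarding, which `set_static_file_info_unsafe(std::move(path));` would avoid (assuming `<utility>` is already included, which is not visible here). The body of the new function continues past the end of the hunk.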
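Review bot: `load_text_unsafe` in this hunk and `load_unsafe` in the following hunk are added with no doc comment, so nothing at the declaration tells a caller that `filename` goes to the loader without passing through `utility::sanitize_filename`. Each should carry a line such as `/// Load a template without sanitizing the filename; only for trusted, application-chosen names, never request-derived input.` The change to `load_text` itself also deserves a sentence in its own comment or the changelog: it now sanitizes, so existing callers that pass names the sanitizer rewrites (its rules are not visible from this diff) will silently resolve to a different file than before.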