Yikes! I see that posting this was dumb and stupid. Is there a way to delete my own posts here?
It's not a huge problem, it's not very prominent. No way to delete posts at present, they can be downvoted/flagged, but I think with the caveats above attached it's fine, it might even do some good as this pattern has spread to a lot of places, and it's good for people to be aware not to trust user input.
Am I the only one finding themselves thinking this isn't great advice? The Go wiki has, as far as I'm concerned, the right answer: `http.FileServer(http.Dir("/usr/share/doc"))`.
https://github.com/golang/go/wiki/HttpStaticFiles
Yes, there is a function in the stdlib to do just this, so better to use that. In particular, I wouldn't do this: `path := r.URL.Path[1:]` - taking the path from user input without cleaning it at all is a bit dangerous. I think they have guards now in `http.FileServer`, but I would clean it as soon as you use it to prevent directory traversal, whatever method you're using. So I think the link you have provided is a far better starting point.
I tend not to downvote links like this though which are well-meaning but a little flawed, so have just left it at 1 - would rather keep downvotes for actual bad behaviour and spam.
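An added example, not part of the thread or of the linked post: the `r.URL.Path[1:]` pattern discussed above next to a cleaned, root-confined join and the stdlib handler from the Go wiki. `naiveJoin` and `safeJoin` are hypothetical helper names, and `/usr/share/doc` is the directory from the wiki snippet.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"path"
	"path/filepath"
	"strings"
)

var errEscapesRoot = errors.New("path escapes document root")

// naiveJoin mirrors the pattern criticised above: the URL path, minus its
// leading slash, goes straight into a filesystem path.
func naiveJoin(root, urlPath string) string {
	return filepath.Join(root, urlPath[1:])
}

// safeJoin (hypothetical helper) cleans the URL path as a rooted path, so
// ".." segments collapse before root is prepended, then re-checks the result.
func safeJoin(root, urlPath string) (string, error) {
	cleaned := path.Clean("/" + urlPath) // "/../../etc/passwd" -> "/etc/passwd"
	full := filepath.Join(root, filepath.FromSlash(cleaned))
	// Defence in depth: catches OS-specific separators that path.Clean
	// does not understand, e.g. backslashes on Windows.
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errEscapesRoot
	}
	return full, nil
}

func main() {
	const root = "/usr/share/doc" // directory from the wiki snippet quoted above
	for _, p := range []string{"/index.html", "/../../etc/passwd", "/a/../../../etc/shadow"} {
		safe, err := safeJoin(root, p)
		fmt.Printf("%q naive=%q safe=%q err=%v\n", p, naiveJoin(root, p), safe, err)
	}
	// The stdlib handler recommended in the thread cleans the request path
	// and confines lookups to root on its own.
	http.Handle("/", http.FileServer(http.Dir(root)))
	// Serving is left out so the example exits; add http.ListenAndServe to run it.
}
```

On a Unix-like system the naive join maps `/../../etc/passwd` to `/usr/etc/passwd`, outside the document root, while the cleaned join stays under `/usr/share/doc`.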