app/vmstorage: fix potential file inclusion via variable (#3339)

* app/vmstorage: fix potential file inclusion via variable * app/vmstorage: cleanup
2025-01-10 15:14:09 +00:00 · 2022-11-17 01:29:43 +02:00 · 2022-11-17 01:29:43 +02:00 · 6f7956503f
commit 6f7956503f
parent f67c2a2f8f
1 changed files with 18 additions and 3 deletions
--- a/app/vmstorage/main.go
+++ b/app/vmstorage/main.go
@ -241,12 +241,27 @@ func requestHandler(w http.ResponseWriter, r *http.Request, strg *storage.Storag
 	case "/delete":
 		w.Header().Set("Content-Type", "application/json")
 		snapshotName := r.FormValue("snapshot")
-		if err := strg.DeleteSnapshot(snapshotName); err != nil {
-			err = fmt.Errorf("cannot delete snapshot %q: %w", snapshotName, err)
+
+		snapshots, err := strg.ListSnapshots()
+		if err != nil {
+			err = fmt.Errorf("cannot list snapshots: %w", err)
 			jsonResponseError(w, err)
 			return true
 		}
-		fmt.Fprintf(w, `{"status":"ok"}`)
+		for _, snName := range snapshots {
+			if snName == snapshotName {
+				if err := strg.DeleteSnapshot(snName); err != nil {
+					err = fmt.Errorf("cannot delete snapshot %q: %w", snName, err)
+					jsonResponseError(w, err)
+					return true
+				}
+				fmt.Fprintf(w, `{"status":"ok"}`)
+				return true
+			}
+		}
+
+		err = fmt.Errorf("cannot find snapshot %q: %w", snapshotName, err)
+		jsonResponseError(w, err)
 		return true
 	case "/delete_all":
 		w.Header().Set("Content-Type", "application/json")