From 8c8c37a66b4cef6fc8a995ab1b4fd6e530c49c51 Mon Sep 17 00:00:00 2001
From: Unknwon <u@gogs.io>
Date: Wed, 19 Dec 2018 22:56:36 -0500
Subject: [PATCH] pkg/tool/path: handle Windows path separators (#5558)

---
 pkg/tool/path.go      | 1 +
 pkg/tool/path_test.go | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/pkg/tool/path.go b/pkg/tool/path.go
index 528db86df..e8f7bcbea 100644
--- a/pkg/tool/path.go
+++ b/pkg/tool/path.go
@@ -19,5 +19,6 @@ func IsSameSiteURLPath(url string) bool {
 func SanitizePath(path string) string {
 	path = strings.TrimLeft(path, "/")
 	path = strings.Replace(path, "../", "", -1)
+	path = strings.Replace(path, "..\\", "", -1)
 	return path
 }
diff --git a/pkg/tool/path_test.go b/pkg/tool/path_test.go
index 9f3441b11..d9b9fb219 100644
--- a/pkg/tool/path_test.go
+++ b/pkg/tool/path_test.go
@@ -39,8 +39,11 @@ func Test_SanitizePath(t *testing.T) {
 		}{
 			{"../../../../../../../../../data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8", "data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8"},
 			{"data/gogs/../../../../../../../../../data/sessions/a/9/a9f0ab6c3ef63dd8", "data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8"},
+			{"..\\..\\..\\..\\..\\..\\..\\..\\..\\data\\gogs\\data\\sessions\\a\\9\\a9f0ab6c3ef63dd8", "data\\gogs\\data\\sessions\\a\\9\\a9f0ab6c3ef63dd8"},
+			{"data\\gogs\\..\\..\\..\\..\\..\\..\\..\\..\\..\\data\\sessions\\a\\9\\a9f0ab6c3ef63dd8", "data\\gogs\\data\\sessions\\a\\9\\a9f0ab6c3ef63dd8"},
 
 			{"data/sessions/a/9/a9f0ab6c3ef63dd8", "data/sessions/a/9/a9f0ab6c3ef63dd8"},
+			{"data\\sessions\\a\\9\\a9f0ab6c3ef63dd8", "data\\sessions\\a\\9\\a9f0ab6c3ef63dd8"},
 		}
 		for _, tc := range testCases {
 			So(SanitizePath(tc.path), ShouldEqual, tc.expect)