From 0adffe625a26fba47819e4f6e0acc21cef0a6f6c Mon Sep 17 00:00:00 2001
From: Benny
Date: Mon, 22 Apr 2024 19:33:32 +0200
Subject: [PATCH] Directory traversal with malformed HTTP request #330
---
 handler/router.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/handler/router.go b/handler/router.go
index 3328a867d..30f7d91fc 100644
--- a/handler/router.go
+++ b/handler/router.go
@@ -22,6 +22,12 @@ func Convert(c *fiber.Ctx) error {
 // 2. generate rawImagePath, could be local path or remote url(possible with query string)
 // 3. pass it to encoder, get the result, send it back

+ // normal http request will start with /
+ if !strings.HasPrefix(c.Path(), "/") {
+ _ = c.SendStatus(http.StatusBadRequest)
+ return nil
+ }
+
 var (
 reqHostname = c.Hostname()
 reqHost = c.Protocol() + "://" + reqHostname // http://www.example.com:8000
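Review bot: The new guard at the top of Convert rejects only a request path that lacks a leading `/`, so it covers the malformed-request case named in the subject but is not a general traversal check; a path that starts with `/` and still carries `..` segments passes it unchanged. Whether such a path is caught later depends on how rawImagePath is built, which lies outside this hunk, so the durable control would be to clean the joined path and confirm it still sits under the configured image directory before the file is opened. The rejection itself can be written as `return c.SendStatus(http.StatusBadRequest)` rather than discarding the error with `_ =`, and logging the rejected path with `%q` would give operators something to alert on. The comment would also be clearer if it stated the reason, e.g. `// reject request targets without a leading "/": they are malformed and were the traversal vector in #330`.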