diff --git a/ptth_handlebars/file_server_dir.html b/ptth_handlebars/file_server_dir.html
index d95a06b..831d079 100644
--- a/ptth_handlebars/file_server_dir.html
+++ b/ptth_handlebars/file_server_dir.html
@@ -22,7 +22,7 @@
{{#each entries}}
diff --git a/src/server/file_server.rs b/src/server/file_server.rs
index 7b4723b..2e2e30c 100644
--- a/src/server/file_server.rs
+++ b/src/server/file_server.rs
@@ -257,13 +257,18 @@ pub async fn serve_all (
let encoded_path = &parts.uri [1..];
- let path = percent_decode (encoded_path.as_bytes ()).decode_utf8 ().unwrap ();
+ let path_s = percent_decode (encoded_path.as_bytes ()).decode_utf8 ().unwrap ();
+ let path = Path::new (&*path_s);
let mut full_path = PathBuf::from (root);
- full_path.push (&*path);
+ full_path.push (path);
if let Ok (dir) = read_dir (&full_path).await {
- serve_dir (handlebars, full_path.to_string_lossy (), dir).await
+ serve_dir (
+ handlebars,
+ full_path.to_string_lossy (),
+ dir
+ ).await
}
else if let Ok (file) = File::open (&full_path).await {
serve_file (
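Review bot: The decoded request path is joined onto `root` at `full_path.push (path)` with no component check, so `..` segments survive, and `PathBuf::push` replaces the whole path when its argument is absolute; in both cases `read_dir` and `File::open` can resolve outside `root`. Now that `path` is a `Path`, it can be validated before the push, for example `if path.components ().any (|c| !matches! (c, Component::Normal (_))) { /* return an error response */ }` with `std::path::Component` in scope. The `.unwrap ()` on `decode_utf8 ()` also panics when the request bytes are not valid UTF-8 and would be better mapped to an error response. `serve_all` starts and ends outside this hunk, so a check elsewhere in the function cannot be ruled out, but todo.md in this same commit still lists directory traversal as open.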
diff --git a/todo.md b/todo.md
index 6e11ad8..118e840 100644
--- a/todo.md
+++ b/todo.md
@@ -1,4 +1,3 @@
-- Add ".." for parent directory
- Prevent directory traversal attacks
- Set up tokens or something so clients can't trivially
impersonate servers