From 446acdcdb56220f326cf372c8aff39e7c2b117b6 Mon Sep 17 00:00:00 2001
From: Matt Bell <mappum@gmail.com>
Date: Mon, 3 Nov 2014 19:51:55 -0800
Subject: [PATCH] commands/http: Ensure request URLs start with expected prefix

---
 commands/http/parse.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/commands/http/parse.go b/commands/http/parse.go
index bb2f8348a..f40b02324 100644
--- a/commands/http/parse.go
+++ b/commands/http/parse.go
@@ -1,6 +1,7 @@
 package http
 
 import (
+	"errors"
 	"net/http"
 	"strings"
 
@@ -9,7 +10,11 @@ import (
 
 // Parse parses the data in a http.Request and returns a command Request object
 func Parse(r *http.Request, root *cmds.Command) (cmds.Request, error) {
-	path := strings.Split(r.URL.Path, "/")[3:]
+	if !strings.HasPrefix(r.URL.Path, ApiPath) {
+		return nil, errors.New("Unexpected path prefix")
+	}
+	path := strings.Split(strings.TrimPrefix(r.URL.Path, ApiPath+"/"), "/")
+
 	stringArgs := make([]string, 0)
 
 	cmd, err := root.Get(path[:len(path)-1])
-- 
GitLab