// Copyright 2015 The Gogs Authors. All rights reserved.
// Copyright 2018 Gitote. All rights reserved.
//
// This source code is licensed under the MIT license found in the
// LICENSE file in the root directory of this source tree.

package tool

import (
	"strings"
)

// IsSameSiteURLPath returns true if the URL path belongs to the same site, false otherwise.
// False: //url, http://url, /\url
// True: /url

func IsSameSiteURLPath(url string) bool {
	return len(url) >= 2 && url[0] == '/' && url[1] != '/' && url[1] != '\\'
}

// SanitizePath sanitizes user-defined file paths to prevent remote code execution.
func SanitizePath(path string) string {
	path = strings.TrimLeft(path, "/")
	path = strings.Replace(path, "../", "", -1)
	path = strings.Replace(path, "..\\", "", -1)
	return path
}