From f456b6bc6b2ce10c635a02e02387d542166ad7d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= <iwind.liu@gmail.com>
Date: Thu, 10 Aug 2023 11:27:24 +0800
Subject: [PATCH] =?UTF-8?q?=E9=9D=99=E6=80=81=E5=88=86=E5=8F=91=E5=A2=9E?=
 =?UTF-8?q?=E5=8A=A0=E4=BE=8B=E5=A4=96URL=E3=80=81=E9=99=90=E5=88=B6URL?=
 =?UTF-8?q?=E3=80=81=E6=8E=92=E9=99=A4=E9=9A=90=E8=97=8F=E6=96=87=E4=BB=B6?=
 =?UTF-8?q?=E7=AD=89=E9=80=89=E9=A1=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/nodes/http_request_root.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/internal/nodes/http_request_root.go b/internal/nodes/http_request_root.go
index 7a4377d..c693541 100644
--- a/internal/nodes/http_request_root.go
+++ b/internal/nodes/http_request_root.go
@@ -66,6 +66,19 @@ func (this *HTTPRequest) doRoot() (isBreak bool) {
 		requestPath = this.uri[:questionMarkIndex]
 	}
 
+	// except hidden files
+	if this.web.Root.ExceptHiddenFiles &&
+		(strings.Contains(requestPath, "/.") || strings.Contains(requestPath, "\\.")) {
+		this.write404()
+		return true
+	}
+
+	// except and only files
+	if !this.web.Root.MatchURL(this.URL()) {
+		this.write404()
+		return true
+	}
+
 	// 去掉其中的奇怪的路径
 	requestPath = strings.Replace(requestPath, "..\\", "", -1)