From 5f60dc9ff7ebed03db8d989fc9aa14bbb6d8c70a Mon Sep 17 00:00:00 2001
From: xfy <i@rua.plus>
Date: Fri, 17 Apr 2026 10:41:13 +0800
Subject: [PATCH] =?UTF-8?q?feat(server):=20=E4=B8=BA=E9=9D=99=E6=80=81?=
 =?UTF-8?q?=E6=96=87=E4=BB=B6=E5=A4=84=E7=90=86=E6=B7=BB=E5=8A=A0=E7=AC=A6?=
 =?UTF-8?q?=E5=8F=B7=E9=93=BE=E6=8E=A5=E5=AE=89=E5=85=A8=E6=A3=80=E6=9F=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

在 registerStaticHandlersWithLocationEngine 和 registerStaticHandlers
两个方法中设置 SymlinkCheck 安全检查，防止通过符号链接访问敏感文件。

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 internal/server/server.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/internal/server/server.go b/internal/server/server.go
index f130c8f..72dc1cc 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -1038,6 +1038,9 @@ func (s *Server) registerStaticHandlersWithLocationEngine(cfg *config.ServerConf
 			staticHandler.SetGzipStatic(true, cfg.Compression.GzipStaticExtensions)
 		}
 
+		// 设置符号链接安全检查
+		staticHandler.SetSymlinkCheck(static.SymlinkCheck)
+
 		// 根据 LocationType 注册路由
 		locType := static.LocationType
 		if locType == "" {
@@ -1383,6 +1386,9 @@ func (s *Server) registerStaticHandlers(router *handler.Router, cfg *config.Serv
 			staticHandler.SetGzipStatic(true, cfg.Compression.GzipStaticExtensions)
 		}
 
+		// 设置符号链接安全检查
+		staticHandler.SetSymlinkCheck(static.SymlinkCheck)
+
 		// 设置 try_files 配置
 		if len(static.TryFiles) > 0 {
 			// 注意：tryFilesPass 需要路由器支持，当前实现传入 nil