From 1fa958dda1ef0cb37441ef8d1a84faf6d501ac12 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Wed, 6 Dec 2023 14:08:22 +0100 Subject: [PATCH] isAllowedURI: Format --- src/libexpr/eval.cc | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc index d8a36fa02..9e541f293 100644 --- a/src/libexpr/eval.cc +++ b/src/libexpr/eval.cc @@ -605,11 +605,14 @@ bool isAllowedURI(std::string_view uri, const Strings & allowedUris) prefix. Thus, the prefix https://github.co does not permit access to https://github.com. */ for (auto & prefix : allowedUris) { - if (uri == prefix || - (uri.size() > prefix.size() - && prefix.size() > 0 - && hasPrefix(uri, prefix) - && (prefix[prefix.size() - 1] == '/' || uri[prefix.size()] == '/'))) + if (uri == prefix + // Allow access to subdirectories of the prefix. + || (uri.size() > prefix.size() + && prefix.size() > 0 + && hasPrefix(uri, prefix) + && ( + prefix[prefix.size() - 1] == '/' + || uri[prefix.size()] == '/'))) return true; }
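Review bot: The reformatted condition is a purely textual match (`uri == prefix`, or `hasPrefix(uri, prefix)` plus a `/` boundary), and nothing in the visible lines normalizes `uri` first, so the new comment "Allow access to subdirectories of the prefix" promises more than the check establishes on its own. If a caller can pass a URI with dot-segments or percent-encoded separators, a string that starts with an allowed prefix may resolve outside it; whether normalization happens upstream is not visible here. I would state the precondition beside the condition, e.g. `// Textual prefix match only: uri must already be normalized (no "." or ".." segments).` Since these lines are being touched anyway, `!prefix.empty()` and `prefix.back() == '/'` would read more directly than `prefix.size() > 0` and `prefix[prefix.size() - 1] == '/'`. The body of isAllowedURI begins before this hunk and continues after it.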