From e92a911e7d70c5cec0ec1434a501d6a777c333a4 Mon Sep 17 00:00:00 2001
From: Abiola Ibrahim
Date: Fri, 11 Mar 2016 23:44:50 +0100
Subject: [PATCH] Add more tests.
---
 middleware/fileserver.go | 1 +
 middleware/fileserver_test.go | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)
diff --git a/middleware/fileserver.go b/middleware/fileserver.go
index 4b3cab02..6cdb0ff5 100644
--- a/middleware/fileserver.go
+++ b/middleware/fileserver.go
@@ -141,6 +141,7 @@ func (fh fileHandler) isHidden(name string) bool {
 name = strings.TrimSpace(name)
 for strings.HasSuffix(name, ".") {
 name = name[:len(name)-1]
+ name = strings.TrimSpace(name)
 }
 }
 // If the file is supposed to be hidden, return a 404
diff --git a/middleware/fileserver_test.go b/middleware/fileserver_test.go
index 0f5b1fac..ba2f23ba 100644
--- a/middleware/fileserver_test.go
+++ b/middleware/fileserver_test.go
@@ -112,6 +112,26 @@ func TestServeHTTP(t *testing.T) {
 expectedStatus: http.StatusMovedPermanently,
 expectedBodyContent: movedPermanently,
 },
+ // Test 11 - attempt to bypass hidden file
+ {
+ url: "https://foo/dir/hidden.html%20",
+ expectedStatus: http.StatusNotFound,
+ },
+ // Test 12 - attempt to bypass hidden file
+ {
+ url: "https://foo/dir/hidden.html.",
+ expectedStatus: http.StatusNotFound,
+ },
+ // Test 13 - attempt to bypass hidden file
+ {
+ url: "https://foo/dir/hidden.html.%20",
+ expectedStatus: http.StatusNotFound,
+ },
+ // Test 14 - attempt to bypass hidden file
+ {
+ url: "https://foo/dir/hidden.html%20.",
+ expectedStatus: http.StatusNotFound,
+ },
 }
 
 for i, test := range tests {
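Review bot: The trim loop in isHidden now calls strings.TrimSpace again after every dot it removes, but no comment says why, so a later cleanup could undo the fix. A short comment above the loop would help, for example `// strip any trailing mix of dots and spaces so "hidden.html. " still matches the hide list`. The loop could also become a single `name = strings.TrimRight(name, ". ")`, which removes the same trailing runs in one pass. Unlike TrimSpace, that call leaves leading whitespace and non-space whitespace alone, so keep the initial TrimSpace if trimming those is intended. The enclosing block and the rest of isHidden lie outside the hunk, so it cannot be confirmed here whether the file is later opened under the original or the normalised name.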
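Review bot: Tests 11–14 in the TestServeHTTP table all carry the same comment, so a failing index does not say which name form regressed. Label each variant, for example `// Test 11 - hidden file with trailing space (%20)` and `// Test 14 - hidden file with trailing space then dot`. Each case asserts only http.StatusNotFound, which a request for a name that does not resolve would presumably produce as well. A pass therefore may not prove the hide-list comparison ran, and a comment stating which platform or test filesystem makes these cases meaningful would help. The table's start and the loop body lie outside the hunk.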