From f6e1e7d00ee4e01766d1e33f624886d5915b1e11 Mon Sep 17 00:00:00 2001
From: MEHMETKECECI <mehmet_kececi89@hotmail.com>
Date: Mon, 16 Feb 2026 14:07:38 +0300
Subject: [PATCH] fix: sanitize pdf font path

---
 svc/routes/pdf_assets.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/svc/routes/pdf_assets.go b/svc/routes/pdf_assets.go
index e1a8558..37d441e 100644
--- a/svc/routes/pdf_assets.go
+++ b/svc/routes/pdf_assets.go
@@ -18,14 +18,17 @@ func resolvePdfAssetPath(name string) (string, error) {
 		return "", fmt.Errorf("env PDF_FONT_DIR not set")
 	}
 
-	// Mutlaka absolute olsun
-	if !filepath.IsAbs(base) {
-		return "", fmt.Errorf("PDF_FONT_DIR must be absolute: %s", base)
+	if !strings.HasPrefix(base, "/") {
+		base = "/" + base
 	}
 
-	full := filepath.Clean(filepath.Join(base, name))
+	name = strings.TrimSpace(name)
+	name = strings.TrimPrefix(name, "/")
+	name = strings.TrimPrefix(name, "\\")
+
+	full := filepath.Join(base, name)
+	full = filepath.Clean(full)
 
-	// DEBUG
 	log.Printf("📄 PDF FONT PATH = %s", full)
 
 	if _, err := os.Stat(full); err != nil {