mirrors
/
kore
mirror of https://git.kore.io/kore.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity

run path via http_argument_urldecode().

This commit is contained in:
Joris Vink 2018-06-28 15:28:25 +02:00
parent 70e945afb7
commit 2139527df7
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/filemap.c
View File

@ -134,6 +134,16 @@ filemap_serve(struct http_request *req, struct filemap_entry *map)
return;
}
if (!http_argument_urldecode(fpath)) {
http_response(req, HTTP_STATUS_BAD_REQUEST, NULL, 0);
return;
}
if (strstr(fpath, "..")) {
http_response(req, HTTP_STATUS_NOT_FOUND, NULL, 0);
return;
}
if ((ref = kore_fileref_get(fpath)) == NULL) {
if ((fd = open(fpath, O_RDONLY | O_NOFOLLOW)) == -1) {
switch (errno) {