ref: 241667b933ff5bacb9a3974f6877fb8aad78bed3
parent: 60ef662b98f05ae84a7e111eb5c0dee9b6be1d9a
author: glenda <glenda@9front.local>
date: Thu Mar 31 21:59:47 EDT 2022
/rc/bin/rc-httpd/handlers/{dir-index, serve-static}: commit the correct files this time (thanks, igor)
--- a/rc/bin/rc-httpd/handlers/dir-index
+++ b/rc/bin/rc-httpd/handlers/dir-index
@@ -2,6 +2,10 @@
PATH_INFO=`{echo $PATH_INFO | urlencode -d}full_path=$"FS_ROOT^$"PATH_INFO
full_path=$"full_path
+if(! ~ `{cleanname -d$FS_ROOT $full_path} `{cleanname $FS_ROOT}^*){+ error 503
+ exit
+}
if(! test -d $full_path){error 404
exit
@@ -14,8 +18,7 @@
if(~ $"NOINDEXFILE ^ $"NOINDEX ''){ifile=index.htm*
if(! ~ $ifile(1) *'*'){- PATH_INFO=$ifile(1)
- FS_ROOT=''
+ PATH_INFO=$PATH_INFO^$ifile(1)
exec serve-static
}
}
--- a/rc/bin/rc-httpd/handlers/serve-static
+++ b/rc/bin/rc-httpd/handlers/serve-static
@@ -1,6 +1,10 @@
#!/bin/rc
full_path=`{echo $"FS_ROOT^$"PATH_INFO | urlencode -d}full_path=$"full_path
+if(! ~ `{cleanname -d$FS_ROOT $full_path} `{cleanname $FS_ROOT}^*){+ error 503
+ exit
+}
if(~ $full_path */)
error 503
if(test -d $full_path){--
⑨