compiler: add SeparateRuntimeFunction::c_sig and SeparateRuntimeFunction::c_ret
[nit.git] / lib / nitcorn / file_server.nit
index d9b4e45..3552b2d 100644 (file)
@@ -42,9 +42,23 @@ end
 class FileServer
        super Action
 
-       # Root of `self` file system
+       # Root folder of `self` file system
        var root: String
 
+       init
+       do
+               var root = self.root
+
+               # Simplify the root path as each file requested will also be simplified
+               root = root.simplify_path
+
+               # Make sure the root ends with '/', this makes a difference in the security
+               # check on each file access.
+               root = root + "/"
+
+               self.root = root
+       end
+
        # Error page template for a given `code`
        fun error_page(code: Int): Streamable do return new ErrorTemplate(code)
 
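Review bot: The unconditional `root = root + "/"` in the new `init` mishandles a root that `simplify_path` leaves as `/` or `.`, producing `//` or `./`. The simplified request paths tested in the later prefix check will presumably never start with either, so every request would be refused. That fails closed, but guarding the append with `if not root.has_suffix("/") then root = root + "/"` handles the `/` case, and a root of `.` is probably best documented as unsupported or converted to an absolute path first. The comment could also give the reason for the slash, e.g. `# Without the trailing '/', a root of "/srv/www" would also prefix-match a sibling "/srv/www-private"` (constructed example paths).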
@@ -58,11 +72,10 @@ class FileServer
                var local_file = root.join_path(turi.strip_start_slashes)
                local_file = local_file.simplify_path
 
-               # HACK
-               if turi == "/" then local_file = root
-
                # Is it reachable?
-               if local_file.has_prefix(root) then
+               #
+               # This make sure that the requested file is within the root folder.
+               if (local_file + "/").has_prefix(root) then
                        # Does it exists?
                        if local_file.file_exists then
                                if local_file.file_stat.is_dir then
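Review bot: The containment test `(local_file + "/").has_prefix(root)` compares strings only, so a symbolic link stored under the root that points elsewhere still passes it, and the `file_exists` and `file_stat` calls that follow act on the link target. If the served tree can contain links that are not fully trusted, the check should be made on resolved paths, or links should be refused before the file is read. At minimum the comment could state the limit: `# Lexical check only: symbolic links under root are followed`. The enclosing method starts before this hunk and continues past it.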
@@ -93,14 +106,15 @@ class FileServer
                                        var files = local_file.files
 
                                        var links = new Array[String]
-                                       if local_file.length > 1 then
-                                               # The extra / is a hack
-                                               var path = "/" + (turi + "/..").simplify_path
-                                               links.add "<a href=\"{path}\">..</a>"
+                                       if turi.length > 1 then
+                                               var path = (request.uri + "/..").simplify_path
+                                               links.add "<a href=\"{path}/\">..</a>"
                                        end
                                        for file in files do
-                                               var path = (turi + "/" + file).simplify_path
-                                               links.add "<a href=\"{path}\">{file}</a>"
+                                               var local_path = local_file.join_path(file).simplify_path
+                                               var web_path = file.simplify_path
+                                               if local_path.file_stat.is_dir then web_path = web_path + "/"
+                                               links.add "<a href=\"{web_path}\">{file}</a>"
                                        end
 
                                        var header = self.header
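Review bot: The new listing line `links.add "<a href=\"{web_path}\">{file}</a>"` still interpolates file names into HTML unescaped. A name containing `"`, `<` or `&` breaks the markup, and where names can be chosen by someone other than the operator it is rendered as active content for whoever views the listing. Escape both values at output, e.g. `links.add "<a href=\"{web_path.html_escape}\">{file.html_escape}</a>"`, and ideally percent-encode the href as well; the same applies to `path` in the `..` link, which is derived from `request.uri`. `local_path.file_stat.is_dir` also assumes the stat succeeds, which may not hold for a dangling link or a file removed between the listing and the stat. The loop sits inside a method whose start and end are outside the hunk.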