nitlanguage
/
nit.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
340c40e
)
nitcorn: better and safer access to root of a file server
author
Alexis Laferrière
<alexis.laf@xymus.net>
Wed, 17 Sep 2014 20:15:40 +0000
(16:15 -0400)
committer
Alexis Laferrière
<alexis.laf@xymus.net>
Wed, 17 Sep 2014 20:17:32 +0000
(16:17 -0400)
Signed-off-by: Alexis Laferrière <alexis.laf@xymus.net>
lib/nitcorn/file_server.nit
patch
|
blob
|
history
diff --git
a/lib/nitcorn/file_server.nit
b/lib/nitcorn/file_server.nit
index
d9b4e45
..
2b94280
100644
(file)
--- a/
lib/nitcorn/file_server.nit
+++ b/
lib/nitcorn/file_server.nit
@@
-58,11
+58,11
@@
class FileServer
var local_file = root.join_path(turi.strip_start_slashes)
local_file = local_file.simplify_path
- # HACK
- if turi == "/" then local_file = root
# Is it reachable?
- if local_file.has_prefix(root) then
+ #
+ # This make sure that the requested file is within the root folder.
+ if (local_file + "/").has_prefix(root) then
# Does it exists?
if local_file.file_exists then
if local_file.file_stat.is_dir then