nitcorn: better and safer access to root of a file server
authorAlexis Laferrière <alexis.laf@xymus.net>
Wed, 17 Sep 2014 20:15:40 +0000 (16:15 -0400)
committerAlexis Laferrière <alexis.laf@xymus.net>
Wed, 17 Sep 2014 20:17:32 +0000 (16:17 -0400)
Signed-off-by: Alexis Laferrière <alexis.laf@xymus.net>

lib/nitcorn/file_server.nit

index d9b4e45..2b94280 100644 (file)
@@ -58,11 +58,11 @@ class FileServer
                var local_file = root.join_path(turi.strip_start_slashes)
                local_file = local_file.simplify_path
 
-               # HACK
-               if turi == "/" then local_file = root
 
                # Is it reachable?
-               if local_file.has_prefix(root) then
+               #
+               # This make sure that the requested file is within the root folder.
+               if (local_file + "/").has_prefix(root) then
                        # Does it exists?
                        if local_file.file_exists then
                                if local_file.file_stat.is_dir then
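Review bot: The containment test on the new `if (local_file + "/").has_prefix(root) then` line is a plain string-prefix comparison, so it only stops at a directory boundary when `root` itself ends in `/`. Nothing visible in the hunk normalizes `root`; if it is configured without a trailing slash (a constructed example: `/srv/www`), a simplified path that lands in a sibling directory such as `/srv/www-backup/...` still has `root` as a prefix and passes the check. Anchoring the comparison on the separator closes that gap, for example `var base = root.simplify_path` followed by `if local_file == base or local_file.has_prefix(base + "/") then`, assuming `simplify_path` drops a trailing slash (a root of `/` would need its own case). `simplify_path` appears to be purely lexical, so a symlink inside the root that points elsewhere would presumably still be followed; the comment above the check should state that limitation. The enclosing method starts and ends outside the hunk.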