From: Alexis Laferrière
Date: Wed, 17 Sep 2014 20:15:40 +0000 (-0400)
Subject: nitcorn: better and safer access to root of a file server
X-Git-Tag: v0.6.9~29^2~4
X-Git-Url: http://nitlanguage.org
nitcorn: better and safer access to root of a file server
Signed-off-by: Alexis Laferrière
---
diff --git a/lib/nitcorn/file_server.nit b/lib/nitcorn/file_server.nit
index d9b4e45..2b94280 100644
--- a/lib/nitcorn/file_server.nit
+++ b/lib/nitcorn/file_server.nit
@@ -58,11 +58,11 @@ class FileServer
 var local_file = root.join_path(turi.strip_start_slashes)
 local_file = local_file.simplify_path
- # HACK
- if turi == "/" then local_file = root
 # Is it reachable?
- if local_file.has_prefix(root) then
+ #
+ # This make sure that the requested file is within the root folder.
+ if (local_file + "/").has_prefix(root) then
 # Does it exists?
 if local_file.file_exists then
 if local_file.file_stat.is_dir then
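Review bot: The containment test on the new `if (local_file + "/").has_prefix(root) then` line is a plain string-prefix comparison, so when `root` has no trailing slash, a simplified path in a sibling directory whose name merely begins with root's name (constructed example: root `www`, sibling `www-old`) still counts as "within the root folder". The appended `/` only terminates the `local_file` side; the separator boundary is needed on the `root` side as well, e.g. `if (local_file + "/").has_prefix(root.simplify_path + "/") then`, which should also cover a `root` written with a trailing slash or redundant segments. Whether `root` is normalized where it is assigned is not visible in this hunk, and a root of `/` or `.` would need its own case. `simplify_path` appears to be purely lexical, so symlinks below the root are presumably not covered by this check and deserve a comment saying so. The enclosing method starts and continues outside the hunk.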