Bug #1909 » fix_using_std_string_only.patch
| new/RequestHandler.C 2013-05-25 23:17:53.528318580 +0200 | ||
|---|---|---|
|
}
|
||
|
// Request path must be absolute and not contain "..".
|
||
|
if (req.request_path.empty() || req.request_path[0] != '/'
|
||
|
|| req.request_path.find("..") != std::string::npos) {
|
||
|
std:string slashedPath(req.request_path);
|
||
|
std::replace(slashedPath.begin(), slashedPath.end(), '\\', '/');
|
||
|
std::size_t lastDots = slashedPath.rfind("/..");
|
||
|
if (slashedPath.empty()
|
||
|
|| slashedPath.find("/") != 0
|
||
|
|| slashedPath.find("/../") != std::string::npos
|
||
|
|| (lastDots != std::string::npos
|
||
|
&& slashedPath.length() == lastDots + 3)) {
|
||
|
return ReplyPtr(new StockReply(req, Reply::bad_request, "", config_));
|
||
|
}
|
||
- « Previous
- 1
- 2
- 3
- Next »