Bug #10970 » 0001-WT-10970-disallow-asterisk-form-RFC-9112-3.2.4.patch
| src/http/RequestHandler.C | ||
|---|---|---|
|
#include "RequestHandler.h"
|
||
|
#include <boost/algorithm/string/predicate.hpp>
|
||
|
#include <boost/utility/string_view.hpp>
|
||
|
#include <fstream>
|
||
|
#include <sstream>
|
||
|
#include <string>
|
||
| ... | ... | |
|
len = in.len;
|
||
|
}
|
||
|
// Only allow origin form and asterisk form (RFC 7230 5.3.1 and 5.3.4)
|
||
|
if (len > 0 && d[0] != '/' && !(len == 1 && d[0] == '*'))
|
||
|
// Only allow origin form (RFC 9112 3.2.1)
|
||
|
if (!boost::starts_with(boost::string_view(d, len), "/"))
|
||
|
return false;
|
||
|
path.reserve(len);
|
||
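Review bot: The new condition rejects an empty request-target as well as `*`, which the comment above it does not say: the old test let `len == 0` through (`len > 0 && ...`), while `boost::starts_with(boost::string_view(d, len), "/")` is false for an empty view. That matches origin-form requiring a leading `/`, but I would record it, e.g. `// Only allow origin form (RFC 9112 3.2.1): empty targets, "*", absolute-form and authority-form are rejected`. `OPTIONS *` now fails here too; whether the caller maps this `false` to a 400 response is not visible in the hunk and is worth confirming. If the two Boost includes at the top were added only for this check, `if (len == 0 || d[0] != '/')` does the same without them. The enclosing function starts and ends outside the hunk.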