2001-08-16
2001-08-16 15:26:28 by Henrik Grubbström (Grubba) <grubba@grubba.org>
-
b0f68ef4f7c45db644f2aa6708082f1256c5beed
(17 lines)
(+13/-4)
Branch: 5.2
Improved path-verification code some more.
Rev: server/modules/filesystems/filesystem.pike:1.106
7:
inherit "module";
inherit "socket";
- constant cvs_version= "$Id: filesystem.pike,v 1.105 2001/08/16 15:18:09 grubba Exp $";
+ constant cvs_version= "$Id: filesystem.pike,v 1.106 2001/08/16 15:26:28 grubba Exp $";
constant thread_safe=1;
#include <module.h>
488: Inside #if constant(system.normalize_path)
f = norm_f = NORMALIZE_PATH(f = decode_path(path + f));
#if constant(system.normalize_path)
if (!has_prefix(norm_f, normalized_path) &&
- (norm_f+"/" != normalized_path)) {
+ #ifdef __NT__
+ (norm_f+"/" != normalized_path)
+ #else /* !__NT__ */
+ (norm_f+"/" != normalized_path)
+ #endif /* __NT__ */
+ ) {
errors++;
- report_error(LOCALE(0, "Path verification of %O failed.\n"), oldf);
+ report_error(LOCALE(0, "Path verification of %O failed:\n"
+ "%O is not a prefix of %O\n"
+ ), oldf, normalized_path, norm_f);
TRACE_LEAVE("");
TRACE_LEAVE("Permission denied.");
return http_low_answer(403, "<h2>File exists, but access forbidden "
"by user</h2>");
}
-
+ /* Adjust not_query */
id->not_query = mountpoint + replace(norm_f[sizeof(normalized_path)..],
"\\", "/");
if (sizeof(oldf) && (oldf[-1] == '/')) {