X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_httpd.cpp;h=eefb3ed93c09f10f74950efa9e6d97ecaddecbc3;hb=6f4aee365b5af9a9c6f733be8dbfc3365d15a866;hp=330e98c6a9739877f85589f211d097db65feb8ab;hpb=44489ddf7e90413d8f656aea24d74445bab227af;p=user%2Fhenk%2Fcode%2Finspircd.git
diff --git a/src/modules/m_httpd.cpp b/src/modules/m_httpd.cpp
index 330e98c6a..eefb3ed93 100644
--- a/src/modules/m_httpd.cpp
+++ b/src/modules/m_httpd.cpp
@@ -264,14 +264,18 @@ class HttpServerSocket : public BufferedSocket, public Timer, public insp::intru
Close();
}
- void SendHTTPError(unsigned int response)
+ void SendHTTPError(unsigned int response, const char* errstr = NULL)
{
+ if (!errstr)
+ errstr = http_status_str((http_status)response);
+
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Sending HTTP error %u: %s", response, errstr);
static HTTPHeaders empty;
std::string data = InspIRCd::Format(
"
"
"Error %u
%s
"
"Powered by InspIRCd",
- response, http_status_str((http_status)response));
+ response, errstr);
Page(data, response, &empty);
}
@@ -303,8 +307,10 @@ class HttpServerSocket : public BufferedSocket, public Timer, public insp::intru
if (parser.upgrade || HTTP_PARSER_ERRNO(&parser))
return;
http_parser_execute(&parser, &parser_settings, recvq.data(), recvq.size());
- if (parser.upgrade || HTTP_PARSER_ERRNO(&parser))
+ if (parser.upgrade)
SendHTTPError(status_code ? status_code : 400);
+ else if (HTTP_PARSER_ERRNO(&parser))
+ SendHTTPError(status_code ? status_code : 400, http_errno_description((http_errno)parser.http_errno));
}
void ServeData()
@@ -345,7 +351,32 @@ class HttpServerSocket : public BufferedSocket, public Timer, public insp::intru
return false;
if (url.field_set & (1 << UF_PATH))
- out.path = uri.substr(url.field_data[UF_PATH].off, url.field_data[UF_PATH].len);
+ {
+ // Normalise the path.
+ std::vector pathsegments;
+ irc::sepstream pathstream(uri.substr(url.field_data[UF_PATH].off, url.field_data[UF_PATH].len), '/');
+ for (std::string pathsegment; pathstream.GetToken(pathsegment); )
+ {
+ if (pathsegment == ".")
+ {
+ // Stay at the current level.
+ continue;
+ }
+
+ if (pathsegment == "..")
+ {
+ // Traverse up to the previous level.
+ if (!pathsegments.empty())
+ pathsegments.pop_back();
+ continue;
+ }
+
+ pathsegments.push_back(pathsegment);
+ }
+
+ out.path.reserve(url.field_data[UF_PATH].len);
+ out.path.append("/").append(stdalgo::string::join(pathsegments, '/'));
+ }
if (url.field_set & (1 << UF_FRAGMENT))
out.fragment = uri.substr(url.field_data[UF_FRAGMENT].off, url.field_data[UF_FRAGMENT].len);