X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_httpd.cpp;h=eefb3ed93c09f10f74950efa9e6d97ecaddecbc3;hb=80e81e3b81b779901fd9d67f8ae030ee30c0bcec;hp=b4e221e621094a11cd2dc393c594406d867742ff;hpb=092f2b181848d4575f4317267866dade7312c542;p=user%2Fhenk%2Fcode%2Finspircd.git
diff --git a/src/modules/m_httpd.cpp b/src/modules/m_httpd.cpp
index b4e221e62..eefb3ed93 100644
--- a/src/modules/m_httpd.cpp
+++ b/src/modules/m_httpd.cpp
@@ -266,12 +266,16 @@ class HttpServerSocket : public BufferedSocket, public Timer, public insp::intru
void SendHTTPError(unsigned int response, const char* errstr = NULL)
{
+ if (!errstr)
+ errstr = http_status_str((http_status)response);
+
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Sending HTTP error %u: %s", response, errstr);
static HTTPHeaders empty;
std::string data = InspIRCd::Format(
""
"Error %u
%s
"
"Powered by InspIRCd",
- response, errstr ? errstr : http_status_str((http_status)response));
+ response, errstr);
Page(data, response, &empty);
}
@@ -347,7 +351,32 @@ class HttpServerSocket : public BufferedSocket, public Timer, public insp::intru
return false;
if (url.field_set & (1 << UF_PATH))
- out.path = uri.substr(url.field_data[UF_PATH].off, url.field_data[UF_PATH].len);
+ {
+ // Normalise the path.
+ std::vector pathsegments;
+ irc::sepstream pathstream(uri.substr(url.field_data[UF_PATH].off, url.field_data[UF_PATH].len), '/');
+ for (std::string pathsegment; pathstream.GetToken(pathsegment); )
+ {
+ if (pathsegment == ".")
+ {
+ // Stay at the current level.
+ continue;
+ }
+
+ if (pathsegment == "..")
+ {
+ // Traverse up to the previous level.
+ if (!pathsegments.empty())
+ pathsegments.pop_back();
+ continue;
+ }
+
+ pathsegments.push_back(pathsegment);
+ }
+
+ out.path.reserve(url.field_data[UF_PATH].len);
+ out.path.append("/").append(stdalgo::string::join(pathsegments, '/'));
+ }
if (url.field_set & (1 << UF_FRAGMENT))
out.fragment = uri.substr(url.field_data[UF_FRAGMENT].off, url.field_data[UF_FRAGMENT].len);