From: paul Date: Mon, 28 Nov 2016 14:40:06 +0000 (+0000) Subject: expand PATH before double dot check X-Git-Url: https://git.plutz.net/?a=commitdiff_plain;h=a6dcd4285f52bba4fd579e991393b94067aff443;p=cgilite expand PATH before double dot check svn path=/trunk/; revision=47 --- diff --git a/server.sh b/server.sh index 0cb43ff..fe28169 100755 --- a/server.sh +++ b/server.sh @@ -90,9 +90,10 @@ HTTP_format(){ ' } -PATH_INFO="$(invalidate "${PATH_INFO}" '(^|.*/)\.\./.*' '')" -if [ -z "$QUERY_STRING" -a -f "$_DATA/$PATH_INFO" ]; then - . "$_EXEC/shcgi/static.sh" "$_DATA/$PATH_INFO" +if [ -z "$QUERY_STRING" ]; then + PATH_INFO="$(printf "$(printf %s "$PATH_INFO" |sed 's:+: :g;s:\\:\\\\:g;s:%:\\x:g')")" + PATH_INFO="$(invalidate "${PATH_INFO}" '(^|.*/)\.\./.*' '')" + [ -f "$_DATA/$PATH_INFO" ] && . "$_EXEC/shcgi/static.sh" "$_DATA/$PATH_INFO" exit 0 fi |HTTP_format