diff options
Diffstat (limited to 'browse.c')
| -rw-r--r-- | browse.c | 23 |
1 files changed, 1 insertions, 22 deletions
@@ -40,25 +40,6 @@ #include "http.h" #include "url.h" -#define URL_LENGTH_MAX 8192 - -/* - * Checks that the path can be safely processed. Namely, it should not contain - * "..", which denotes an attempt to get out of the DATA_DIR root folder. - */ -static bool -check_request_path(char *path) -{ - char *p_found; - - p_found = strstr(path, "/.."); - if (p_found != NULL) - return false; - - p_found = strstr(path, "../"); - return p_found == NULL; -} - /* * file url = r->pname / r->pagename / r->path / file_name */ @@ -84,8 +65,6 @@ browse(struct kreq * r) /* check that the requested URL can be safely processed */ if (!check_request_path(r->path)) http_exit(r, KHTTP_400, "browse: Invalid request path"); - if (strlen(r->path) >= URL_LENGTH_MAX) - http_exit(r, KHTTP_414, NULL); /* list requested directory content */ url_size = url_build(current_dir, URL_LENGTH_MAX, 2, DATA_DIR, r->path); @@ -97,7 +76,7 @@ browse(struct kreq * r) if (NULL == data_dir) http_exit(r, KHTTP_404, NULL); - http_open(r, KHTTP_200); + http_open(r, KHTTP_200, r->mime); K_OK(khtml_open(&html, r, 0), r); |