code: plan9front

Download patch

ref: 241667b933ff5bacb9a3974f6877fb8aad78bed3
parent: 60ef662b98f05ae84a7e111eb5c0dee9b6be1d9a
author: glenda <glenda@9front.local>
date: Thu Mar 31 21:59:47 EDT 2022

/rc/bin/rc-httpd/handlers/{dir-index, serve-static}: commit the correct files this time (thanks, igor)

--- a/rc/bin/rc-httpd/handlers/dir-index
+++ b/rc/bin/rc-httpd/handlers/dir-index
@@ -2,6 +2,10 @@
 PATH_INFO=`{echo $PATH_INFO | urlencode -d}
 full_path=$"FS_ROOT^$"PATH_INFO
 full_path=$"full_path
+if(! ~ `{cleanname -d$FS_ROOT $full_path} `{cleanname $FS_ROOT}^*){
+       error 503
+       exit
+}
 if(! test -d $full_path){
 	error 404
 	exit
@@ -14,8 +18,7 @@
 if(~ $"NOINDEXFILE ^ $"NOINDEX ''){
 	ifile=index.htm*
 	if(! ~ $ifile(1) *'*'){
-		PATH_INFO=$ifile(1)
-		FS_ROOT=''
+		PATH_INFO=$PATH_INFO^$ifile(1)
 		exec serve-static
 	}
 }
--- a/rc/bin/rc-httpd/handlers/serve-static
+++ b/rc/bin/rc-httpd/handlers/serve-static
@@ -1,6 +1,10 @@
 #!/bin/rc
 full_path=`{echo $"FS_ROOT^$"PATH_INFO | urlencode -d}
 full_path=$"full_path
+if(! ~ `{cleanname -d$FS_ROOT $full_path} `{cleanname $FS_ROOT}^*){
+       error 503
+       exit
+}
 if(~ $full_path */)
 	error 503
 if(test -d $full_path){