projects
/
privoxy.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
In cgi_send_user_manual(), log when rejecting a file name due to '/' or '..'
[privoxy.git]
/
cgisimple.c
diff --git
a/cgisimple.c
b/cgisimple.c
index
947b79b
..
2b6cfbd
100644
(file)
--- a/
cgisimple.c
+++ b/
cgisimple.c
@@
-1,4
+1,4
@@
-const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.10
0 2011/02/14 16:03:53
fabiankeil Exp $";
+const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.10
1 2011/02/14 16:04:55
fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgisimple.c,v $
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgisimple.c,v $
@@
-711,7
+711,13
@@
jb_err cgi_send_user_manual(struct client_state *csp,
}
else if (NULL != strchr(filename, '/') || NULL != strstr(filename, ".."))
{
}
else if (NULL != strchr(filename, '/') || NULL != strstr(filename, ".."))
{
- /* Check parameter for hack attempts */
+ /*
+ * We currently only support a flat file
+ * hierachy for the documentation.
+ */
+ log_error(LOG_LEVEL_ERROR,
+ "Rejecting the request to serve '%s' as it contains '/' or '..'",
+ filename);
return JB_ERR_CGI_PARAMS;
}
return JB_ERR_CGI_PARAMS;
}