-const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.99 2010/03/28 18:02:22 fabiankeil Exp $";
+const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.101 2011/02/14 16:04:55 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgisimple.c,v $
}
get_string_param(parameters, "file", &filename);
- /* Check paramter for hack attempts */
- if (filename && strchr(filename, '/'))
+ if (filename == NULL)
{
- return JB_ERR_CGI_PARAMS;
+ /* It's '/' so serve the index.html if there is one. */
+ filename = "index.html";
}
- if (filename && strstr(filename, ".."))
+ else if (NULL != strchr(filename, '/') || NULL != strstr(filename, ".."))
{
+ /*
+ * We currently only support a flat file
+ * hierachy for the documentation.
+ */
+ log_error(LOG_LEVEL_ERROR,
+ "Rejecting the request to serve '%s' as it contains '/' or '..'",
+ filename);
return JB_ERR_CGI_PARAMS;
}
- full_path = make_path(csp->config->usermanual, filename ? filename : "index.html");
+ full_path = make_path(csp->config->usermanual, filename);
if (full_path == NULL)
{
return JB_ERR_MEMORY;
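Review bot: The `else if` test rejects only `/` and `..`, so the flat-hierarchy guarantee in the new comment holds only where those are the sole path-significant sequences; a name containing `\` or a drive prefix such as `C:` still reaches `make_path()`, whose handling of such names is not visible in this hunk. An allowlist states the intent directly and does not depend on the platform, e.g. `else if (filename[strspn(filename, USER_MANUAL_FILENAME_CHARS)] != '\0' || NULL != strstr(filename, ".."))`, where `USER_MANUAL_FILENAME_CHARS` is a suggested new constant listing letters, digits, `.`, `-` and `_`. An empty `file` value, if `get_string_param()` can return one, passes both branches; treating `*filename == '\0'` like the NULL case or rejecting it here would avoid relying on the later `full_path == NULL` check, which reports `JB_ERR_MEMORY` rather than a parameter error. The rejected name is logged verbatim through `%s`, so it is worth confirming that `log_error()` neutralises control characters in request-derived strings. The enclosing function begins and ends outside this hunk.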