In cgi_send_user_manual(), log when rejecting a file name due to '/' or '..'

author Fabian Keil <fk@fabiankeil.de>

Mon, 14 Feb 2011 16:05:37 +0000 (16:05 +0000)

committer Fabian Keil <fk@fabiankeil.de>

Mon, 14 Feb 2011 16:05:37 +0000 (16:05 +0000)
author Fabian Keil <fk@fabiankeil.de>
Mon, 14 Feb 2011 16:05:37 +0000 (16:05 +0000)
committer Fabian Keil <fk@fabiankeil.de>
Mon, 14 Feb 2011 16:05:37 +0000 (16:05 +0000)
diff --git a/cgisimple.c b/cgisimple.c

index 947b79b..2b6cfbd 100644 (file)
--- a/cgisimple.c
+++ b/cgisimple.c
@@ -1,4 +1,4 @@
-const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.100 2011/02/14 16:03:53 fabiankeil Exp $";
+const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.101 2011/02/14 16:04:55 fabiankeil Exp $";
  /*********************************************************************
   *
   * File        :  $Source: /cvsroot/ijbswa/current/cgisimple.c,v $
@@ -711,7 +711,13 @@ jb_err cgi_send_user_manual(struct client_state *csp,
     }
     else if (NULL != strchr(filename, '/') || NULL != strstr(filename, ".."))
     {
-      /* Check parameter for hack attempts */
+      /*
+       * We currently only support a flat file
+       * hierachy for the documentation.
+       */
+      log_error(LOG_LEVEL_ERROR,
+         "Rejecting the request to serve '%s' as it contains '/' or '..'",
+         filename);
        return JB_ERR_CGI_PARAMS;
     }
author	Fabian Keil <fk@fabiankeil.de>
	Mon, 14 Feb 2011 16:05:37 +0000 (16:05 +0000)
committer	Fabian Keil <fk@fabiankeil.de>
	Mon, 14 Feb 2011 16:05:37 +0000 (16:05 +0000)