@@ -693,12 +693,19 @@ generate_page (void *cls,
if (0 != strcmp (method, MHD_HTTP_METHOD_GET))
return MHD_NO; /* unexpected method (we're not polite...) */
- if ( (0 == stat (&url[1], &buf)) &&
- (NULL == strstr (&url[1], "..")) &&
- ('/' != url[1]))
- fd = open (&url[1], O_RDONLY);
- else
- fd = -1;
+ fd = -1;
+
+ if ( (NULL == strstr (&url[1], "..")) &&
+ ('/' != url[1]) )
+ {
+ fd = open (&url[1], O_RDONLY);
+ if ( (0 != fstat (fd, &buf)) ||
+ (! S_ISREG (buf.st_mode)) )
+ {
+ (void) close (fd);
+ fd = -1;
+ }
+ }
if (-1 == fd)
return MHD_queue_response (connection,
MHD_HTTP_NOT_FOUND,
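Review bot: The added `fstat`/`close` pair in the inner `if` runs even when `open` has failed and `fd` is -1, so a missing file costs two calls on an invalid descriptor and reaches the 404 path only because `fstat` fails on it; make the guard explicit with `if ( (-1 != fd) && ( (0 != fstat (fd, &buf)) || (! S_ISREG (buf.st_mode)) ) )`. Separately, the `S_ISREG` test is only reached after `open (&url[1], O_RDONLY)` has returned, and a blocking open of a FIFO under the served directory would stall the handler before that check runs; `O_RDONLY | O_NONBLOCK` would avoid that, and `O_NOFOLLOW` is worth considering if a symlink as the final path component should not be served. generate_page starts and continues outside this hunk, so whether `url` is guaranteed non-empty before `&url[1]` is taken cannot be confirmed from here.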
|