diff options
| author | tiptorrent development team <tiptorrent@soleta.eu> | 2021-09-23 23:08:20 +0200 |
|---|---|---|
| committer | tiptorrent development team <tiptorrent@soleta.eu> | 2021-09-29 15:49:13 +0200 |
| commit | 97fc159ff1ddc44b658e99cb25adcaf3a5dbfe85 (patch) | |
| tree | 6d004882256323c0b411296d102f04c0d12088d6 /src | |
| parent | 324fdcfd583dbd95ce479712be57c6ca93c29fbb (diff) | |
add basic uri sanitization
disallow .. in uri.
Diffstat (limited to 'src')
| -rw-r--r-- | src/handler.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/handler.c b/src/handler.c index f3ce8ec..8534c69 100644 --- a/src/handler.c +++ b/src/handler.c @@ -44,9 +44,12 @@ static int tip_client_file_not_found(struct tip_client *cli) return -1; } -/* TODO: sanitize uri, don't escape directory serving files. */ static bool sanitize(const char *uri) { + /* TODO: smarter sanitization. */ + if (strstr(uri, "..")) + return false; + return true; } |