From 97fc159ff1ddc44b658e99cb25adcaf3a5dbfe85 Mon Sep 17 00:00:00 2001
From: tiptorrent development team
Date: Thu, 23 Sep 2021 23:08:20 +0200
Subject: add basic uri sanitization disallow .. in uri.
---
 src/handler.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/handler.c b/src/handler.c
index f3ce8ec..8534c69 100644
--- a/src/handler.c
+++ b/src/handler.c
@@ -44,9 +44,12 @@ static int tip_client_file_not_found(struct tip_client *cli)
 return -1;
 }

-/* TODO: sanitize uri, don't escape directory serving files. */
 static bool sanitize(const char *uri)
 {
+ /* TODO: smarter sanitization. */
+ if (strstr(uri, ".."))
+ return false;
+
 return true;
 }

-- 
cgit v1.2.3-18-g5258
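Review bot: The new `strstr(uri, "..")` test in sanitize() inspects the raw string only, so its value depends on where it runs relative to any URI decoding, which this hunk does not show; if the path is percent-decoded after this call, the check should move to after the decode. It also rejects harmless names that merely contain two dots (for example `image..old`), because it ignores segment boundaries. Comparing each `/`-separated segment against `..` fixes the second point, and a comment such as `/* uri must already be decoded; rejects any ".." path segment */` would record the first. A string check is only a first line of defence: resolving the final path where the file is opened and confirming it is still under the served directory is the stronger guard, and that code is outside this hunk.

```c
static bool sanitize(const char *uri)
{
	const char *seg = uri;

	/* uri must already be decoded; rejects any ".." path segment. */
	while (*seg) {
		size_t len = strcspn(seg, "/");

		if (len == 2 && seg[0] == '.' && seg[1] == '.')
			return false;

		seg += len;
		if (*seg == '/')
			seg++;
	}

	return true;
}
```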