Bug #1909 » fix_using_boost.patch
| new/RequestHandler.C 2013-05-22 20:16:00.105936735 +0200 | ||
|---|---|---|
|
#include <fstream>
|
||
|
#include <sstream>
|
||
|
#include <string>
|
||
|
#include <boost/algorithm/string/predicate.hpp>
|
||
|
#include <boost/lexical_cast.hpp>
|
||
|
#include "Request.h"
|
||
| ... | ... | |
|
// Request path must be absolute and not contain "..".
|
||
|
if (req.request_path.empty() || req.request_path[0] != '/'
|
||
|
|| req.request_path.find("..") != std::string::npos) {
|
||
|
|| req.request_path.find("/../") != std::string::npos
|
||
|
|| boost::algorithm::ends_with(req.request_path, "/..")) {
|
||
|
return ReplyPtr(new StockReply(req, Reply::bad_request, "", config_));
|
||
|
}
|
||