Bug #1909 » fix_using_std_string_only.patch
| new/RequestHandler.C 2013-05-22 20:13:51.942136779 +0200 | ||
|---|---|---|
|
}
|
||
|
// Request path must be absolute and not contain "..".
|
||
|
std::size_t lastdots = req.request_path.rfind("/..");
|
||
|
if (req.request_path.empty() || req.request_path[0] != '/'
|
||
|
|| req.request_path.find("..") != std::string::npos) {
|
||
|
|| req.request_path.find("/../") != std::string::npos
|
||
|
|| (lastdots != std::string::npos
|
||
|
&& req.request_path.length() == lastdots + 3)) {
|
||
|
return ReplyPtr(new StockReply(req, Reply::bad_request, "", config_));
|
||
|
}
|
||