author | Andrew Tridgell <tridge@samba.org> | 1997-11-23 02:42:22 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 1997-11-23 02:42:22 +0000 |
commit | bca9c49e6f24c2ee79cbb9b6ebf69d6647146fc1 (patch) | |
tree | 05b790235bbadeac72ec782a8c41e0fa6215e8e6 /source/cgi.c | |
parent | d64d40a6ec57a4a999ae1f39175bcfd86ccb196e (diff) | |
download | samba-bca9c49e6f24c2ee79cbb9b6ebf69d6647146fc1.tar.gz samba-bca9c49e6f24c2ee79cbb9b6ebf69d6647146fc1.tar.xz samba-bca9c49e6f24c2ee79cbb9b6ebf69d6647146fc1.zip |
minor wsmbconf and cgi changes
Diffstat (limited to 'source/cgi.c')
-rw-r--r-- | source/cgi.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/source/cgi.c b/source/cgi.c
index 3739d712d39..f165c56110b 100644
--- a/source/cgi.c
+++ b/source/cgi.c
@@ -501,9 +501,22 @@ static void cgi_download(char *file)
 {
 struct stat st;
 char buf[1024];
- int fd, l;
+ int fd, l, i;
 char *p;
+ /* sanitise the filename */
+ for (i=0;file[i];i++) {
+ if (!isalnum(file[i]) && !strchr("/.-_", file[i])) {
+ cgi_setup_error("404 File Not Found","",
+ "Illegal character in filename");
+ }
+ }
+
+ if (strstr(file,"..")) {
+ cgi_setup_error("404 File Not Found","",
+ "Relative paths not allowed");
+ }
+
 if (!file_exist(file, &st)) {
 cgi_setup_error("404 File Not Found","",
 "The requested file was not found");
@@ -574,7 +587,7 @@ void cgi_setup(char *rootdir)
 if (!authenticated) {
 cgi_setup_error("401 Authorization Required",
- "WWW-Authenticate: Basic realm=\"samba\"\r\n",
+ "WWW-Authenticate: Basic realm=\"root\"\r\n",
 "You must be authenticated to use this service");
 }
@@ -604,3 +617,5 @@ void cgi_setup(char *rootdir)
 printf("HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n");
 }
+
+
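Review bot: `isalnum(file[i])` in the new sanitising loop is passed a plain `char`; on platforms where `char` is signed, a request byte with the high bit set becomes a negative argument, which is outside the range `isalnum` is defined for and is undefined behaviour (on some libcs it indexes before the classification table). Cast before the call: `if (!isalnum((unsigned char)file[i]) && !strchr("/.-_", file[i])) {`. `isalnum` is also locale-dependent, so which bytes the filter lets through changes with `setlocale`; an explicit ASCII range check would make the allow-list independent of the environment. The loop and the `..` check both rely on `cgi_setup_error` not returning, as the existing `file_exist` check below them already does; if it ever does return, the download proceeds with the rejected name, so a `return;` after each call, or a comment on that contract, would make the intent explicit. The body of cgi_download continues outside the hunk.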