authorAndrew Tridgell <tridge@samba.org>2005-05-26 03:05:37 +0000
committerAndrew Tridgell <tridge@samba.org>2005-05-26 03:05:37 +0000
commit21a9d405c85359f3fda0ff919e05d91af36d24d1 (patch)
tree51090c126bf7554f19fd7ae64793fb8afa087338 /source/web_server/esp
parent2d1d2fe5ca8578b07cb188384b5eae53b422f829 (diff)
r6987: - make sure esp pages cannot read data outside of the swat directory
- don't expose the real system path to esp scripts - fixed absolute paths in include() calls
Diffstat (limited to 'source/web_server/esp')
-rw-r--r--source/web_server/esp/esp.h2
-rw-r--r--source/web_server/esp/espProcs.c8
2 files changed, 7 insertions, 3 deletions
diff --git a/source/web_server/esp/esp.h b/source/web_server/esp/esp.h
index 33ab9d7ac94..4503cacbb72 100644
--- a/source/web_server/esp/esp.h
+++ b/source/web_server/esp/esp.h
@@ -99,7 +99,7 @@ typedef struct Esp {
char *(*getSessionId)(EspHandle handle);
int (*mapToStorage)(EspHandle handle, char *path, int len, char *uri,
int flags);
- int (*readFile)(EspHandle handle, char **buf, int *len, char *path);
+ int (*readFile)(EspHandle handle, char **buf, int *len, const char *path);
void (*redirect)(EspHandle handle, int code, char *url);
void (*setCookie)(EspHandle handle, char *name, char *value,
int lifetime, char *path, bool secure);
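Review bot: The `readFile` member of the Esp struct carries no comment saying what `path` is relative to or who is responsible for keeping it inside the document root, and that matters here because the espProcs.c hunk in this same commit now passes an absolute `argv[i]` straight through to `esp->readFile`. The containment the commit message promises ("cannot read data outside of the swat directory") therefore has to be enforced inside the `readFile` implementation, which this diff (limited to source/web_server/esp) does not show. A one-line contract on the declaration would make that obligation visible to anyone wiring up a new implementation, e.g. `/* path is a virtual path; the implementation must resolve it against the document root and reject anything that escapes it */`. The enclosing `typedef struct Esp` starts and ends outside the hunk.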
diff --git a/source/web_server/esp/espProcs.c b/source/web_server/esp/espProcs.c
index a8da800213b..5c99e092c94 100644
--- a/source/web_server/esp/espProcs.c
+++ b/source/web_server/esp/espProcs.c
@@ -77,8 +77,12 @@ static int includeProc(EspRequest *ep, int argc, char **argv)
esp = ep->esp;
mprAssert(argv);
for (i = 0; i < argc; i++) {
- mprGetDirName(dir, sizeof(dir), ep->docPath);
- mprSprintf(path, sizeof(path), "%s/%s", dir, argv[i]);
+ if (argv[i][0] != '/') {
+ mprGetDirName(dir, sizeof(dir), ep->docPath);
+ mprSprintf(path, sizeof(path), "%s/%s", dir, argv[i]);
+ } else {
+ mprSprintf(path, sizeof(path), "%s", argv[i]);
+ }
if (esp->readFile(ep->requestHandle, &buf, &size, path) < 0) {
espError(ep, "Can't read include file: %s", path);