author | Andrew Tridgell <tridge@samba.org> | 1997-11-23 02:42:22 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 1997-11-23 02:42:22 +0000 |
commit | 74f06e4062634fa4f8cb46915280dedf73d58c6f (patch) | |
tree | c25ba854e870c2c4e98d39e85f91356389cd2149 /source3/web/cgi.c | |
parent | 8bf0f359f3ec440ace0bba6c12ca65d25ba45fd9 (diff) | |
download | samba-74f06e4062634fa4f8cb46915280dedf73d58c6f.tar.gz samba-74f06e4062634fa4f8cb46915280dedf73d58c6f.tar.xz samba-74f06e4062634fa4f8cb46915280dedf73d58c6f.zip |
minor wsmbconf and cgi changes
(This used to be commit bca9c49e6f24c2ee79cbb9b6ebf69d6647146fc1)
Diffstat (limited to 'source3/web/cgi.c')
-rw-r--r-- | source3/web/cgi.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 3739d712d39..f165c56110b 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -501,9 +501,22 @@ static void cgi_download(char *file)
{
struct stat st;
char buf[1024];
- int fd, l;
+ int fd, l, i;
char *p;

+ /* sanitise the filename */
+ for (i=0;file[i];i++) {
+ if (!isalnum(file[i]) && !strchr("/.-_", file[i])) {
+ cgi_setup_error("404 File Not Found","",
+ "Illegal character in filename");
+ }
+ }
+
+ if (strstr(file,"..")) {
+ cgi_setup_error("404 File Not Found","",
+ "Relative paths not allowed");
+ }
+
if (!file_exist(file, &st)) {
cgi_setup_error("404 File Not Found","",
"The requested file was not found");
@@ -574,7 +587,7 @@ void cgi_setup(char *rootdir)

if (!authenticated) {
cgi_setup_error("401 Authorization Required",
- "WWW-Authenticate: Basic realm=\"samba\"\r\n",
+ "WWW-Authenticate: Basic realm=\"root\"\r\n",
"You must be authenticated to use this service");
}

@@ -604,3 +617,5 @@ void cgi_setup(char *rootdir)
printf("HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n");
}
+
+
|
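Review bot: `isalnum(file[i])` in the new sanitising loop of cgi_download passes a plain `char` to a `<ctype.h>` function; where `char` is signed, any byte above 0x7f arrives as a negative value other than EOF, which is undefined behaviour, so the test should read `if (!isalnum((unsigned char)file[i]) && !strchr("/.-_", file[i])) {`. The loop and the `..` check also rely on `cgi_setup_error` never returning; its body is outside this hunk, and if it does return the request falls through to `file_exist` with the rejected name, so an explicit `return;` after each call would make the rejection independent of that assumption. cgi_download's body continues past the end of the hunk.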