Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix backend webserver when html dir path contains a link.
Use canonicalPath() consistently in the directory path checking.
This fixes an issue where the backend webserver would not serve
up static content if the html directory was in a path which
contained one or more links.
  • Loading branch information
cpinkham committed Jul 13, 2012
1 parent eff95fc commit 381c2eb
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 13 deletions.
17 changes: 5 additions & 12 deletions mythtv/libs/libmythupnp/htmlserver.cpp
Expand Up @@ -27,23 +27,18 @@ HtmlServerExtension::HtmlServerExtension( const QString sSharePath,
: HttpServerExtension( "Html" , sSharePath),
m_IndexFilename(sApplicationPrefix + "index")
{
// Cache the absolute path for the share directory.
// Cache the canonical path for the share directory.

QDir dir( sSharePath + "/html" );

dir.makeAbsolute();

m_sAbsoluteSharePath = dir.absolutePath();

if (getenv("MYTHHTMLDIR"))
{
QString sTempSharePath = getenv("MYTHHTMLDIR");
if (!sTempSharePath.isEmpty())
{
dir.setPath( sTempSharePath );
m_sAbsoluteSharePath = dir.absolutePath();
}
}

m_sSharePath = dir.canonicalPath();
}

/////////////////////////////////////////////////////////////////////////////
Expand All @@ -66,7 +61,7 @@ bool HtmlServerExtension::ProcessRequest( HTTPRequest *pRequest )
return( false );

bool bStorageGroupFile = false;
QFileInfo oInfo( m_sAbsoluteSharePath + pRequest->m_sResourceUrl );
QFileInfo oInfo( m_sSharePath + pRequest->m_sResourceUrl );

if (oInfo.isDir())
{
Expand All @@ -92,16 +87,14 @@ bool HtmlServerExtension::ProcessRequest( HTTPRequest *pRequest )

if (bStorageGroupFile || oInfo.exists() == true )
{
oInfo.makeAbsolute();

QString sResName = oInfo.canonicalFilePath();

// --------------------------------------------------------------
// Checking for url's that contain ../ or similar.
// --------------------------------------------------------------

if (( bStorageGroupFile ) ||
(sResName.startsWith( m_sAbsoluteSharePath, Qt::CaseInsensitive )))
(sResName.startsWith( m_sSharePath, Qt::CaseInsensitive )))
{
if (oInfo.exists())
{
Expand Down
2 changes: 1 addition & 1 deletion mythtv/libs/libmythupnp/htmlserver.h
Expand Up @@ -28,7 +28,7 @@ class UPNP_PUBLIC HtmlServerExtension : public HttpServerExtension
{
private:

QString m_sAbsoluteSharePath;
QString m_sSharePath;
ServerSideScripting m_Scripting;
QString m_IndexFilename;

Expand Down

0 comments on commit 381c2eb

Please sign in to comment.