Skip to content

Commit

Permalink
Fix backend webserver when html dir path contains a link.
Browse files Browse the repository at this point in the history 
Use canonicalPath() consistently in the directory path checking.
This fixes an issue where the backend webserver would not serve
up static content if the html directory was in a path which
contained one or more links.
  • Loading branch information
@cpinkham
cpinkham committed Jul 13, 2012
1 parent eff95fc commit 381c2eb
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 13 deletions.
17 changes: 5 additions & 12 deletions mythtv/libs/libmythupnp/htmlserver.cpp
View file
Expand Up @@ -27,23 +27,18 @@ HtmlServerExtension::HtmlServerExtension( const QString sSharePath,
: HttpServerExtension( "Html" , sSharePath), : HttpServerExtension( "Html" , sSharePath),
m_IndexFilename(sApplicationPrefix + "index") m_IndexFilename(sApplicationPrefix + "index")
{ {
// Cache the absolute path for the share directory. // Cache the canonical path for the share directory.


QDir dir( sSharePath + "/html" ); QDir dir( sSharePath + "/html" );


dir.makeAbsolute();

m_sAbsoluteSharePath = dir.absolutePath();

if (getenv("MYTHHTMLDIR")) if (getenv("MYTHHTMLDIR"))
{ {
QString sTempSharePath = getenv("MYTHHTMLDIR"); QString sTempSharePath = getenv("MYTHHTMLDIR");
if (!sTempSharePath.isEmpty()) if (!sTempSharePath.isEmpty())
{
dir.setPath( sTempSharePath ); dir.setPath( sTempSharePath );
m_sAbsoluteSharePath = dir.absolutePath();
}
} }

m_sSharePath = dir.canonicalPath();
} }


///////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////
Expand All @@ -66,7 +61,7 @@ bool HtmlServerExtension::ProcessRequest( HTTPRequest *pRequest )
return( false ); return( false );


bool bStorageGroupFile = false; bool bStorageGroupFile = false;
QFileInfo oInfo( m_sAbsoluteSharePath + pRequest->m_sResourceUrl ); QFileInfo oInfo( m_sSharePath + pRequest->m_sResourceUrl );


if (oInfo.isDir()) if (oInfo.isDir())
{ {
Expand All @@ -92,16 +87,14 @@ bool HtmlServerExtension::ProcessRequest( HTTPRequest *pRequest )


if (bStorageGroupFile || oInfo.exists() == true ) if (bStorageGroupFile || oInfo.exists() == true )
{ {
oInfo.makeAbsolute();

QString sResName = oInfo.canonicalFilePath(); QString sResName = oInfo.canonicalFilePath();


// -------------------------------------------------------------- // --------------------------------------------------------------
// Checking for url's that contain ../ or similar. // Checking for url's that contain ../ or similar.
// -------------------------------------------------------------- // --------------------------------------------------------------


if (( bStorageGroupFile ) || if (( bStorageGroupFile ) ||
(sResName.startsWith( m_sAbsoluteSharePath, Qt::CaseInsensitive ))) (sResName.startsWith( m_sSharePath, Qt::CaseInsensitive )))
{ {
if (oInfo.exists()) if (oInfo.exists())
{ {
Expand Down
2 changes: 1 addition & 1 deletion mythtv/libs/libmythupnp/htmlserver.h
View file
Expand Up @@ -28,7 +28,7 @@ class UPNP_PUBLIC HtmlServerExtension : public HttpServerExtension
{ {
private: private:


QString m_sAbsoluteSharePath; QString m_sSharePath;
ServerSideScripting m_Scripting; ServerSideScripting m_Scripting;
QString m_IndexFilename; QString m_IndexFilename;


Expand Down

0 comments on commit 381c2eb

Please sign in to comment.