Fix relative path traversal in twill:staticdocs:serve
ouuan authored and ifox committed Feb 14, 2024
1 parent 2a7469b commit 81f5a14
Showing 1 changed file with 10 additions and 9 deletions.
19 changes: 10 additions & 9 deletions docs/generator/server.php
Expand Up @@ -11,18 +11,19 @@
parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)
);

if ($uri === '/' || $uri === '') {
$uri = 'index.html';
$base = realpath(__DIR__ . '/../_build/');
if (is_dir($base . $uri)) {
$uri .= "/index.html";
}
$target = realpath($base . $uri);

if (file_exists(__DIR__ . '/../_build/' . $uri)) {
if (str_ends_with($uri, '.css')) {
if ($target && str_starts_with($target, $base) && file_exists($target)) {
if (str_ends_with($target, '.css')) {
header("Content-Type: text/css");
} else {
if (str_ends_with($uri, '/')) {
$uri .= '/index.html';
}
header('Content-Type: ' . mime_content_type(__DIR__ . '/../_build/' . $uri));
header('Content-Type: ' . mime_content_type($target));
}
echo file_get_contents(__DIR__ . '/../_build/' . $uri);
echo file_get_contents($target);
} else {
http_response_code(404);
}
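Review bot: The containment test `str_starts_with($target, $base)` compares against a base with no trailing separator, since `realpath()` strips it, so a resolved path in a sibling directory whose name merely begins with `_build` still passes the check. Separately, `realpath()` returns false when `_build` has not been generated yet. Unless the file declares strict types (not visible in this hunk), that false is coerced to an empty string, so the prefix test is always true and `$uri` is resolved from the filesystem root. I would write the guard as `if ($base !== false && $target !== false && str_starts_with($target, $base . DIRECTORY_SEPARATOR) && is_file($target)) {`, which also keeps directories out of `file_get_contents()`.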
