Please sign in to comment.
Fix httpd directory traversal on Windows
Although the validation in httpd_request works well on platforms using forward slash as directory separator, on Windows systems, this protection can be circumvented using URLs containing backslashes. This way, any file accessible to the user running the server (even those outside the document root) can be read through HTTP. This commit solves the problem by expanding the list of path separators to '/\\'.
- Loading branch information...
Showing with 1 addition and 1 deletion.