Fix vulnerability around urls crafted as http://host/../secret.foo (#24)
c0diq committed Jul 23, 2019
1 parent 39c91be commit 9a4ceac
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Source/Core/PltHttpServer.cpp
Expand Up @@ -190,7 +190,7 @@ PLT_HttpServer::ServeFile(const NPT_HttpRequest& request,
NPT_FileInfo file_info;

// prevent hackers from accessing files outside of our root
if ((file_path.Find("/..") >= 0) || (file_path.Find("\\..") >= 0) ||
if ((file_path.Find("../") >= 0) || (file_path.Find("..\\") >= 0) ||
NPT_FAILED(NPT_File::GetInfo(file_path, &file_info))) {
return NPT_ERROR_NO_SUCH_ITEM;
}
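
Review bot: the new condition matches only "../" and "..\\", so a file_path whose last component is ".." with no trailing separator (one ending in "/.." or "\\..") is no longer rejected here, although the line being replaced caught it. Keep the old "/.." and "\\.." patterns alongside the new ones, or split file_path on both separators and return NPT_ERROR_NO_SUCH_ITEM when any component equals "..". A component comparison also avoids rejecting names that merely contain two dots next to a separator, which both substring versions do. Since the comment states the goal as keeping access inside the root, comparing the normalized path against the root prefix would enforce that directly instead of relying on pattern matching.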