Actions
Bug #521
closedSSI includes with sub-directory broken
Status:
Fixed
Priority:
Normal
Category:
mod_ssi
Target version:
-
ASK QUESTIONS IN Forums:
Description
The following patch should fix the SSI_INCLUDE for #include file="" when using sub-directory:
--- mod_ssi.c.dist 2006-02-10 13:33:00.000000000 -0500
+++ mod_ssi.c.new 2006-02-13 15:23:00.000000000 -0500
@@ -513,18 +513,18 @@
if (file_path) {
/* current doc-root */
- if (NULL == (sl = strrchr(con->physical.path->ptr, '/'))) {
- buffer_copy_string(p->stat_fn, "/");
- } else {
- buffer_copy_string_len(p->stat_fn, con->physical.path->ptr, sl - con->physical.path->ptr + 1);
- }
-
- /* fn */
- if (NULL == (sl = strrchr(file_path, '/'))) {
- buffer_append_string(p->stat_fn, file_path);
- } else {
- buffer_append_string(p->stat_fn, sl + 1);
- }
+ //
+ // skip if file_path contains forbidden strings
+ if (file_path[0] == '/' || strstr(file_path, "../")) break;
+
+ if (NULL == (sl = strrchr(con->physical.path->ptr, '/'))) {
+ buffer_copy_string(p->stat_fn, "/");
+ } else {
+ buffer_copy_string_len(p->stat_fn, con->physical.path->ptr, sl - con->physical.path->ptr + 1);
+ }
+
+ buffer_append_string(p->stat_fn, file_path);
+
} else {
/* virtual */
Updated by conny almost 19 years ago
- Status changed from New to Fixed
- Resolution set to duplicate
Merging with the ticket #462.
Actions
Also available in: Atom