mirror of
https://github.com/RGBCube/serenity
synced 2025-07-25 05:37:43 +00:00
WebServer: Fix jailbreaking of server via .. relative paths
The recent patch to LexicalPath allowed relative paths like ../ to work in requests to WebServer. This wasn't too dangerous because of unveil, but let's still fix this :^)
This commit is contained in:
parent
7957f13e98
commit
9f42ccd639
1 changed files with 1 additions and 1 deletions
|
@ -73,7 +73,7 @@ void Client::handle_request(ReadonlyBytes raw_request)
|
|||
return;
|
||||
}
|
||||
|
||||
auto requested_path = LexicalPath::canonicalized_path(request.resource());
|
||||
auto requested_path = LexicalPath::join("/", request.resource()).string();
|
||||
dbgln("Canonical requested path: '{}'", requested_path);
|
||||
|
||||
StringBuilder path_builder;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue