From e4f3a5fe37f950e1ee45a93aecd30dde5963eda2 Mon Sep 17 00:00:00 2001 From: Max Wipfli Date: Sun, 6 Jun 2021 17:29:04 +0200 Subject: [PATCH] WebServer: Make ".." equal to "." in server root directory In the web server root directory, ".." has to be handled specially, since everything above it does not exist from the point of view of the user. The most sensible thing to do is to make ".." equal to ".". This is also what ls(1) does for "/" and what "http://localhost/../" evaluates to. This also fixes a bug where stat() would fail on the directory above the root directory, since it hasn't been unveiled for the process. --- Userland/Services/WebServer/Client.cpp | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Userland/Services/WebServer/Client.cpp b/Userland/Services/WebServer/Client.cpp index ba1d1ebfeb..2237a994c2 100644 --- a/Userland/Services/WebServer/Client.cpp +++ b/Userland/Services/WebServer/Client.cpp @@ -217,7 +217,13 @@ void Client::handle_directory_listing(String const& requested_path, String const StringBuilder path_builder; path_builder.append(real_path); path_builder.append('/'); - path_builder.append(name); + // NOTE: In the root directory of the webserver, ".." should be equal to ".", since we don't want + // the user to see e.g. the size of the parent directory (and it isn't unveiled, so stat fails). + if (requested_path == "/" && name == "..") + path_builder.append("."); + else + path_builder.append(name); + struct stat st; memset(&st, 0, sizeof(st)); int rc = stat(path_builder.to_string().characters(), &st); @@ -225,7 +231,7 @@ void Client::handle_directory_listing(String const& requested_path, String const perror("stat"); } - bool is_directory = S_ISDIR(st.st_mode) || name.is_one_of(".", ".."); + bool is_directory = S_ISDIR(st.st_mode); builder.append(""); builder.appendff("
", is_directory ? "folder" : "file");