Ticket #521 (closed defect: duplicate)
SSI includes with sub-directory broken
| Reported by: | anonymous | Owned by: | jan |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | mod_ssi | Version: | 1.4.10 |
| Severity: | normal | Keywords: | mod_ssi patch |
| Cc: | | Blocked By: | |
| Need User Feedback: | | Blocking: | |
Description (last modified by conny) (diff)
The following patch should fix the SSI_INCLUDE for #include file="" when using a sub-directory:
--- mod_ssi.c.dist 2006-02-10 13:33:00.000000000 -0500
+++ mod_ssi.c.new 2006-02-13 15:23:00.000000000 -0500
@@ -513,18 +513,18 @@
if (file_path) {
/* current doc-root */
- if (NULL == (sl = strrchr(con->physical.path->ptr, '/'))) {
- buffer_copy_string(p->stat_fn, "/");
- } else {
- buffer_copy_string_len(p->stat_fn, con->physical.path->ptr, sl - con->physical.path->ptr + 1);
- }
-
- /* fn */
- if (NULL == (sl = strrchr(file_path, '/'))) {
- buffer_append_string(p->stat_fn, file_path);
- } else {
- buffer_append_string(p->stat_fn, sl + 1);
- }
+ //
+ // skip if file_path contains forbidden strings
+ if (file_path[0] == '/' || strstr(file_path, "../")) break;
+
+ if (NULL == (sl = strrchr(con->physical.path->ptr, '/'))) {
+ buffer_copy_string(p->stat_fn, "/");
+ } else {
+ buffer_copy_string_len(p->stat_fn, con->physical.path->ptr, sl - con->physical.path->ptr + 1);
+ }
+
+ buffer_append_string(p->stat_fn, file_path);
+
} else {
/* virtual */
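Review bot: the traversal guard on the added `strstr(file_path, "../")` line is a substring test, not a per-component test. A `file_path` that is exactly `..` or that ends in `/..` contains no `../` and passes the check, and because the whole of `file_path` is now appended to the directory of `con->physical.path` (the old code appended only the part after the last `/`), that value ends up in `p->stat_fn` unchanged. The same test also rejects harmless names such as `a../b`. Suggest walking `file_path` component by component, splitting on `/`, and rejecting any component that equals `..`, while keeping the leading `/` test. Two smaller points: the rejection is a bare `break` with no log line visible here, so a refused include fails silently and an error log entry would help operators; and the new comments use `//` (including an empty `//` line) where the surrounding code uses `/* */`.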

