From 51a0b68908c1f9ca9cb49f957fb6aae5307674f6 Mon Sep 17 00:00:00 2001
From: Stefano Zacchiroli <zack@upsilon.cc>
Date: Wed, 16 Mar 2005 16:33:10 +0000
Subject: [PATCH] - bugfix: do not fail when query_kind is missing (e.g. on
/getpage) - bugfix: security, no longer subject to directory traversal (!)
---
helm/searchEngine/searchEngine.ml | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/helm/searchEngine/searchEngine.ml b/helm/searchEngine/searchEngine.ml
index d994ac11a..d262029ed 100644
--- a/helm/searchEngine/searchEngine.ml
+++ b/helm/searchEngine/searchEngine.ml
@@ -122,7 +122,7 @@ let query_kind_of_req (req: Http_types.request) =
| "/hint" -> "Hint"
| "/locate" -> "Locate"
| "/elim" -> "Elim"
- | _ -> assert false
+ | _ -> ""
(* given a uri with a query part in input try to find in it a string
* "¶m_name=..." (where param_name is given). If found its value will be
@@ -348,16 +348,16 @@ let callback dbd (req: Http_types.request) outchan =
(match req#path with
| "/getpage" ->
(* TODO implement "is_permitted" *)
- (let is_permitted _ = true in
+ (let is_permitted page = not (Pcre.pmatch ~pat:"/" page) in
let page = req#param "url" in
+ let fname = sprintf "%s/%s" pages_dir page in
let preprocess =
(try
bool_of_string (req#param "preprocess")
with Invalid_argument _ | Http_types.Param_not_found _ -> false)
in
(match page with
- | page when is_permitted page ->
- (let fname = sprintf "%s/%s" pages_dir page in
+ | page when is_permitted page && Sys.file_exists fname ->
Http_daemon.send_basic_headers ~code:(`Code 200) outchan;
Http_daemon.send_header "Content-Type" "text/html" outchan;
Http_daemon.send_CRLF outchan;
@@ -374,7 +374,7 @@ let callback dbd (req: Http_types.request) outchan =
"\n"))
fname
end else
- Http_daemon.send_file ~src:(Http_types.FileSrc fname) outchan)
+ Http_daemon.send_file ~src:(Http_types.FileSrc fname) outchan
| page -> Http_daemon.respond_forbidden ~url:page outchan))
| "/help" -> Http_daemon.respond ~body:daemon_name outchan
| "/locate" ->
--
2.39.2