diff options
| author | Jon Bergli Heier <snakebite@jvnv.net> | 2010-12-29 22:00:50 +0100 |
|---|---|---|
| committer | Jon Bergli Heier <snakebite@jvnv.net> | 2010-12-29 22:00:50 +0100 |
| commit | 2133fd579e0d4726b032288d10d053231109c586 (patch) | |
| tree | 339ce5d201c6ffbbeb60d02fef3b73c35e1e5fa7 | |
| parent | d67fd6103956046245744cf5cf094d4da8cbcc19 (diff) | |
Don't allow requests with /../ in the path.
| -rw-r--r-- | music.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -22,6 +22,11 @@ MusicListing::p get(const std::string path) { // prefix path with our root_directory fs::path p = root_directory / path; + // don't allow requests with /../ in the path + if(path.find("/../") != std::string::npos) { + return MusicListing::p(); + } + if(fs::is_directory(p)) { boost::shared_ptr<MusicListing> ml(new MusicDirectory(p)); return ml; |