summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--music.cpp5
1 files changed, 5 insertions, 0 deletions
diff --git a/music.cpp b/music.cpp
index 2c3b788..9b840bb 100644
--- a/music.cpp
+++ b/music.cpp
@@ -22,6 +22,11 @@ MusicListing::p get(const std::string path) {
// prefix path with our root_directory
fs::path p = root_directory / path;
+ // don't allow requests with /../ in the path
+ if(path.find("/../") != std::string::npos) {
+ return MusicListing::p();
+ }
+
if(fs::is_directory(p)) {
boost::shared_ptr<MusicListing> ml(new MusicDirectory(p));
return ml;