diff options
| -rw-r--r-- | music.cpp | 5 | 
1 files changed, 5 insertions, 0 deletions
| @@ -22,6 +22,11 @@ MusicListing::p get(const std::string path) {  	// prefix path with our root_directory  	fs::path p = root_directory / path; +	// don't allow requests with /../ in the path +	if(path.find("/../") != std::string::npos) { +		return MusicListing::p(); +	} +  	if(fs::is_directory(p)) {  		boost::shared_ptr<MusicListing> ml(new MusicDirectory(p));  		return ml; | 
