diff options
| -rw-r--r-- | music.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -22,6 +22,11 @@ MusicListing::p get(const std::string path) { // prefix path with our root_directory fs::path p = root_directory / path; + // don't allow requests with /../ in the path + if(path.find("/../") != std::string::npos) { + return MusicListing::p(); + } + if(fs::is_directory(p)) { boost::shared_ptr<MusicListing> ml(new MusicDirectory(p)); return ml; |