diff options
author | Kim Alvefur <zash@zash.se> | 2016-03-03 16:06:16 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2016-03-03 16:06:16 +0100 |
commit | ae606b2cdfedf41a2b6f8fd5e90fe5ddac3892e4 (patch) | |
tree | 6ff9f371d84546013bcbbb7ad355b0230c37b46b /plugins/mod_http_files.lua | |
parent | 0b702d28acf78831d94c75d4c239650ee1fe2c53 (diff) | |
parent | 3140ed3d626e976639ef5f38efb9790008834d9c (diff) | |
download | prosody-ae606b2cdfedf41a2b6f8fd5e90fe5ddac3892e4.tar.gz prosody-ae606b2cdfedf41a2b6f8fd5e90fe5ddac3892e4.zip |
Merge 0.10->trunk
Diffstat (limited to 'plugins/mod_http_files.lua')
-rw-r--r-- | plugins/mod_http_files.lua | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/plugins/mod_http_files.lua b/plugins/mod_http_files.lua index 0c542714..3b602495 100644 --- a/plugins/mod_http_files.lua +++ b/plugins/mod_http_files.lua @@ -56,6 +56,7 @@ end local urldecode = require "util.http".urldecode; function sanitize_path(path) + if not path then return end local out = {}; local c = 0; @@ -74,6 +75,9 @@ function sanitize_path(path) out[c] = component; end end + if path:sub(-1,-1) == "/" then + out[c+1] = ""; + end return "/"..table.concat(out, "/"); end @@ -88,12 +92,13 @@ function serve(opts) local directory_index = opts.directory_index; local function serve_file(event, path) local request, response = event.request, event.response; - path = sanitize_path(path); - if not path then + local sanitized_path = sanitize_path(path); + if path and not sanitized_path then return 400; end + path = sanitized_path; local orig_path = sanitize_path(request.path); - local full_path = base_path .. (path and "/"..path or ""):gsub("/", path_sep); + local full_path = base_path .. (path or ""):gsub("/", path_sep); local attr = stat(full_path:match("^.*[^\\/]")); -- Strip trailing path separator because Windows if not attr then return 404; |