From b1dd7b0be798b3f446cea7f0e4e1a4f05aea7750 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Fri, 21 Dec 2012 09:04:02 +0100
Subject: mod_http_files: Escape paths in redirects

---
 plugins/mod_http_files.lua | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'plugins/mod_http_files.lua')

diff --git a/plugins/mod_http_files.lua b/plugins/mod_http_files.lua
index c0d9b2ec..43094eb4 100644
--- a/plugins/mod_http_files.lua
+++ b/plugins/mod_http_files.lua
@@ -12,6 +12,7 @@ local lfs = require "lfs";
 local os_date = os.date;
 local open = io.open;
 local stat = lfs.attributes;
+local build_path = require"socket.url".build_path;
 
 local http_base = module:get_option_string("http_files_dir", module:get_option_string("http_path", "www_files"));
 local dir_indices = module:get_option("http_files_index", { "index.html", "index.htm" });
@@ -78,7 +79,9 @@ function serve_file(event, path)
 		data = data.data;
 	elseif attr.mode == "directory" then
 		if full_path:sub(-1) ~= "/" then
-			response_headers.location = orig_path.."/";
+			local path = { is_absolute = true, is_directory = true };
+			for dir in orig_path:gmatch("[^/]+") do path[#path+1]=dir; end
+			response_headers.location = build_path(path);
 			return 301;
 		end
 		for i=1,#dir_indices do
-- 
cgit v1.2.3