#include <libintl.h>
#define _(str) gettext(str)
+#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
if (page) {
*rp_code = MHD_HTTP_OK;
- resp = MHD_create_response_from_data(strlen(page), page,
- MHD_YES, MHD_NO);
+ resp = MHD_create_response_from_buffer(strlen(page),
+ page,
+ MHD_RESPMEM_MUST_FREE);
MHD_add_response_header(resp, MHD_HTTP_HEADER_CONTENT_TYPE,
"application/json");
if (!st.st_size) {
fclose(file);
- return MHD_create_response_from_data
- (0, NULL, MHD_NO, MHD_NO);
+ return MHD_create_response_from_buffer
+ (0, NULL, 0);
}
return MHD_create_response_from_callback
static struct MHD_Response *
create_response(const char *nurl, const char *method, unsigned int *rp_code)
{
- char *page, *fpath;
+ char *page, *fpath, *rpath;
struct MHD_Response *resp = NULL;
+ int n;
if (!strncmp(nurl, URL_BASE_API_1_1, strlen(URL_BASE_API_1_1))) {
resp = create_response_api(nurl, method, rp_code);
} else {
fpath = get_path(nurl, server_data.www_dir);
- resp = create_response_file(nurl, method, rp_code, fpath);
+ rpath = realpath(fpath, NULL);
+ if (rpath) {
+ n = strlen(server_data.www_dir);
+ if (!strncmp(server_data.www_dir, rpath, n))
+ resp = create_response_file(nurl,
+ method,
+ rp_code,
+ fpath);
+ free(rpath);
+ }
free(fpath);
}
page = strdup(PAGE_NOT_FOUND);
*rp_code = MHD_HTTP_NOT_FOUND;
- return MHD_create_response_from_data(strlen(page),
- page,
- MHD_YES,
- MHD_NO);
+ return MHD_create_response_from_buffer(strlen(page),
+ page,
+ MHD_RESPMEM_MUST_FREE);
}
static int cbk_http_request(void *cls,
switch (optc) {
case 'w':
if (optarg)
- server_data.www_dir = strdup(optarg);
+ server_data.www_dir = realpath(optarg, NULL);
break;
case 'p':
if (optarg)
exit(EXIT_FAILURE);
}
- if (!server_data.www_dir)
- server_data.www_dir = strdup(DEFAULT_WWW_DIR);
+ if (!server_data.www_dir) {
+ server_data.www_dir = realpath(DEFAULT_WWW_DIR, NULL);
+ if (!server_data.www_dir) {
+ fprintf(stderr,
+ _("Webserver directory does not exist.\n"));
+ exit(EXIT_FAILURE);
+ }
+ }
if (!log_file)
log_file = strdup(DEFAULT_LOG_FILE);