#include <libintl.h>
#define _(str) gettext(str)
+#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
static struct MHD_Response *
create_response(const char *nurl, const char *method, unsigned int *rp_code)
{
+ char *page, *fpath, *rpath;
struct MHD_Response *resp = NULL;
+ int n;
if (!strncmp(nurl, URL_BASE_API_1_1, strlen(URL_BASE_API_1_1))) {
resp = create_response_api(nurl, method, rp_code);
} else {
- char *fpath = get_path(nurl, server_data.www_dir);
-
- resp = create_response_file(nurl, method, rp_code, fpath);
+ fpath = get_path(nurl, server_data.www_dir);
+
+ rpath = realpath(fpath, NULL);
+ if (rpath) {
+ n = strlen(server_data.www_dir);
+ if (!strncmp(server_data.www_dir, rpath, n))
+ resp = create_response_file(nurl,
+ method,
+ rp_code,
+ fpath);
+ free(rpath);
+ }
free(fpath);
}
if (resp)
return resp;
- char *page = strdup(PAGE_NOT_FOUND);
+ page = strdup(PAGE_NOT_FOUND);
*rp_code = MHD_HTTP_NOT_FOUND;
return MHD_create_response_from_data(strlen(page),
switch (optc) {
case 'w':
if (optarg)
- server_data.www_dir = strdup(optarg);
+ server_data.www_dir = realpath(optarg, NULL);
break;
case 'p':
if (optarg)
exit(EXIT_FAILURE);
}
- if (!server_data.www_dir)
- server_data.www_dir = strdup(DEFAULT_WWW_DIR);
+ if (!server_data.www_dir) {
+ server_data.www_dir = realpath(DEFAULT_WWW_DIR, NULL);
+ if (!server_data.www_dir) {
+ fprintf(stderr,
+ _("Webserver directory does not exist.\n"));
+ exit(EXIT_FAILURE);
+ }
+ }
if (!log_file)
log_file = strdup(DEFAULT_LOG_FILE);
psensor_free(server_data.cpu_usage);
#endif
free(server_data.www_dir);
- sensors_cleanup();
+ lmsensor_cleanup();
#ifdef HAVE_GTOP
sysinfo_cleanup();