/*
- * Copyright (C) 2010-2014 jeanfi@gmail.com
+ * Copyright (C) 2010-2016 jeanfi@gmail.com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
return NULL;
}
+static int is_access_allowed(char *path)
+{
+ char *rpath;
+ int n, ret;
+
+ rpath = realpath(path, NULL);
+ if (rpath) {
+ n = strlen(server_data.www_dir);
+ if (!strncmp(server_data.www_dir, rpath, n)
+ || !strcmp(rpath,
+ "/usr/share/javascript/jquery/jquery.js")) {
+ ret = 1;
+ } else {
+ ret = 0;
+
+ log_err(_("Resource access refused %s real path is %s"),
+ path,
+ rpath);
+ }
+
+ free(rpath);
+ } else {
+ log_err(_("Cannot get real path of %s"), path);
+
+ ret = 0;
+ }
+
+ return ret;
+}
+
static struct MHD_Response *
create_response(const char *nurl, const char *method, unsigned int *rp_code)
{
- char *page, *fpath, *rpath;
+ char *page, *fpath;
struct MHD_Response *resp = NULL;
- int n;
if (!strncmp(nurl, URL_BASE_API_1_1, strlen(URL_BASE_API_1_1))) {
resp = create_response_api(nurl, method, rp_code);
} else {
fpath = get_path(nurl, server_data.www_dir);
- rpath = realpath(fpath, NULL);
- if (rpath) {
- n = strlen(server_data.www_dir);
- if (!strncmp(server_data.www_dir, rpath, n))
- resp = create_response_file(nurl,
- method,
- rp_code,
- fpath);
- free(rpath);
- }
+ if (is_access_allowed(fpath))
+ resp = create_response_file(nurl,
+ method,
+ rp_code,
+ fpath);
free(fpath);
}
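Review bot: The containment test in is_access_allowed, `!strncmp(server_data.www_dir, rpath, n)`, is a plain string-prefix match, so a resolved path in a sibling directory whose name merely begins with the www_dir string (constructed example: www_dir `/srv/www`, real path `/srv/www-old/x`) is treated as inside the web root. The match should also require a path-component boundary, e.g. `(!strncmp(server_data.www_dir, rpath, n) && (rpath[n] == '/' || rpath[n] == '\0'))`. That form assumes www_dir is stored canonical and without a trailing slash, which is not visible here, so resolving www_dir with realpath() once at startup would make the comparison reliable. Separately, the check runs on the resolved path while create_response() still hands `fpath` to create_response_file(), so the path is resolved again at open time and may differ if a symlink changes in between; how create_response_file opens the file is outside this hunk. create_response's body continues past the end of the hunk.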