X-Git-Url: http://git.wpitchoune.net/gitweb/?p=psensor.git;a=blobdiff_plain;f=src%2Fserver%2Fserver.c;h=95998c8deb916813798042df837170f2600170c4;hp=3db6828760f47e0d0a081a519b3b79d3158c5b08;hb=8b10426dcc0246c1712a99460dd470dcb1cc4d9c;hpb=60f6135a421095b240b984898e555df284f3b77f

diff --git a/src/server/server.c b/src/server/server.c
index 3db6828..95998c8 100644
--- a/src/server/server.c
+++ b/src/server/server.c
@@ -23,6 +23,7 @@
 #include <libintl.h>
 #define _(str) gettext(str)
 
+#include <limits.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -245,15 +246,25 @@ static struct MHD_Response *create_response_file(const char *nurl,
 static struct MHD_Response *
 create_response(const char *nurl, const char *method, unsigned int *rp_code)
 {
-	char *page, *fpath;
+	char *page, *fpath, *rpath;
 	struct MHD_Response *resp = NULL;
+	int n;
 
 	if (!strncmp(nurl, URL_BASE_API_1_1, strlen(URL_BASE_API_1_1))) {
 		resp = create_response_api(nurl, method, rp_code);
 	} else {
 		fpath = get_path(nurl, server_data.www_dir);
 
-		resp = create_response_file(nurl, method, rp_code, fpath);
+		rpath = realpath(fpath, NULL);
+		if (rpath) {
+			n = strlen(server_data.www_dir);
+			if (!strncmp(server_data.www_dir, rpath, n))
+				resp = create_response_file(nurl,
+							    method,
+							    rp_code,
+							    fpath);
+			free(rpath);
+		}
 
 		free(fpath);
 	}
@@ -349,7 +360,7 @@ int main(int argc, char *argv[])
 		switch (optc) {
 		case 'w':
 			if (optarg)
-				server_data.www_dir = strdup(optarg);
+				server_data.www_dir = realpath(optarg, NULL);
 			break;
 		case 'p':
 			if (optarg)
@@ -388,8 +399,14 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
-	if (!server_data.www_dir)
-		server_data.www_dir = strdup(DEFAULT_WWW_DIR);
+	if (!server_data.www_dir) {
+		server_data.www_dir = realpath(DEFAULT_WWW_DIR, NULL);
+		if (!server_data.www_dir) {
+			fprintf(stderr,
+				_("Webserver directory does not exist.\n"));
+			exit(EXIT_FAILURE);
+		}
+	}
 
 	if (!log_file)
 		log_file = strdup(DEFAULT_LOG_FILE);