X-Git-Url: http://git.wpitchoune.net/gitweb/?p=psensor.git;a=blobdiff_plain;f=src%2Fserver%2Fserver.c;h=95998c8deb916813798042df837170f2600170c4;hp=f4161479d0db37a1fbcf6f83871651cca5ee56ae;hb=8b10426dcc0246c1712a99460dd470dcb1cc4d9c;hpb=aff5c89b367d5247e5867f38c46ed9aa68d756bf

diff --git a/src/server/server.c b/src/server/server.c
index f416147..95998c8 100644
--- a/src/server/server.c
+++ b/src/server/server.c
@@ -23,6 +23,7 @@
 #include <libintl.h>
 #define _(str) gettext(str)
 
+#include <limits.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -245,14 +246,25 @@ static struct MHD_Response *create_response_file(const char *nurl,
 static struct MHD_Response *
 create_response(const char *nurl, const char *method, unsigned int *rp_code)
 {
+	char *page, *fpath, *rpath;
 	struct MHD_Response *resp = NULL;
+	int n;
 
 	if (!strncmp(nurl, URL_BASE_API_1_1, strlen(URL_BASE_API_1_1))) {
 		resp = create_response_api(nurl, method, rp_code);
 	} else {
-		char *fpath = get_path(nurl, server_data.www_dir);
-
-		resp = create_response_file(nurl, method, rp_code, fpath);
+		fpath = get_path(nurl, server_data.www_dir);
+
+		rpath = realpath(fpath, NULL);
+		if (rpath) {
+			n = strlen(server_data.www_dir);
+			if (!strncmp(server_data.www_dir, rpath, n))
+				resp = create_response_file(nurl,
+							    method,
+							    rp_code,
+							    fpath);
+			free(rpath);
+		}
 
 		free(fpath);
 	}
@@ -260,7 +272,7 @@ create_response(const char *nurl, const char *method, unsigned int *rp_code)
 	if (resp)
 		return resp;
 
-	char *page = strdup(PAGE_NOT_FOUND);
+	page = strdup(PAGE_NOT_FOUND);
 	*rp_code = MHD_HTTP_NOT_FOUND;
 
 	return MHD_create_response_from_data(strlen(page),
@@ -348,7 +360,7 @@ int main(int argc, char *argv[])
 		switch (optc) {
 		case 'w':
 			if (optarg)
-				server_data.www_dir = strdup(optarg);
+				server_data.www_dir = realpath(optarg, NULL);
 			break;
 		case 'p':
 			if (optarg)
@@ -387,8 +399,14 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
-	if (!server_data.www_dir)
-		server_data.www_dir = strdup(DEFAULT_WWW_DIR);
+	if (!server_data.www_dir) {
+		server_data.www_dir = realpath(DEFAULT_WWW_DIR, NULL);
+		if (!server_data.www_dir) {
+			fprintf(stderr,
+				_("Webserver directory does not exist.\n"));
+			exit(EXIT_FAILURE);
+		}
+	}
 
 	if (!log_file)
 		log_file = strdup(DEFAULT_LOG_FILE);
@@ -464,7 +482,7 @@ int main(int argc, char *argv[])
 	psensor_free(server_data.cpu_usage);
 #endif
 	free(server_data.www_dir);
-	sensors_cleanup();
+	lmsensor_cleanup();
 
 #ifdef HAVE_GTOP
 	sysinfo_cleanup();