X-Git-Url: https://git.wpitchoune.net/gitweb/?p=psensor.git;a=blobdiff_plain;f=src%2Fserver%2Fserver.c;h=fb6b63c3826dc8c981fa3dfe992de40b37778d76;hp=1e799ab9ae50e10304033c22dcaa9ee8f2931ed9;hb=c1e20f2631a1249720e9c75d753eacfcb0f6c7b9;hpb=b83277099fda6f8145d9fa0e756349109ed36d2d

diff --git a/src/server/server.c b/src/server/server.c
index 1e799ab..fb6b63c 100644
--- a/src/server/server.c
+++ b/src/server/server.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2014 jeanfi@gmail.com
+ * Copyright (C) 2010-2016 jeanfi@gmail.com
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License as
@@ -244,28 +244,52 @@ static struct MHD_Response *create_response_file(const char *nurl,
 	return NULL;
 }
 
+static int is_access_allowed(char *path)
+{
+	char *rpath;
+	int n, ret;
+
+	rpath = realpath(path, NULL);
+	if (rpath) {
+		n = strlen(server_data.www_dir);
+		if (!strncmp(server_data.www_dir, rpath, n)
+		    || !strcmp(rpath,
+			       "/usr/share/javascript/jquery/jquery.js")) {
+			ret = 1;
+		} else {
+			ret = 0;
+
+			log_err(_("Resource access refused %s real path is %s"),
+				path,
+				rpath);
+		}
+
+		free(rpath);
+	} else {
+		log_err(_("Cannot get real path of %s"), path);
+
+		ret = 0;
+	}
+
+	return ret;
+}
+
 static struct MHD_Response *
 create_response(const char *nurl, const char *method, unsigned int *rp_code)
 {
-	char *page, *fpath, *rpath;
+	char *page, *fpath;
 	struct MHD_Response *resp = NULL;
-	int n;
 
 	if (!strncmp(nurl, URL_BASE_API_1_1, strlen(URL_BASE_API_1_1))) {
 		resp = create_response_api(nurl, method, rp_code);
 	} else {
 		fpath = get_path(nurl, server_data.www_dir);
 
-		rpath = realpath(fpath, NULL);
-		if (rpath) {
-			n = strlen(server_data.www_dir);
-			if (!strncmp(server_data.www_dir, rpath, n))
-				resp = create_response_file(nurl,
-							    method,
-							    rp_code,
-							    fpath);
-			free(rpath);
-		}
+		if (is_access_allowed(fpath))
+			resp = create_response_file(nurl,
+						    method,
+						    rp_code,
+						    fpath);
 
 		free(fpath);
 	}
@@ -424,7 +448,7 @@ int main(int argc, char *argv[])
 	server_data.cpu_usage = create_cpu_usage_sensor(600);
 #endif
 
-	if (!*server_data.sensors)
+	if (!server_data.sensors || !*server_data.sensors)
 		log_err(_("No sensors detected."));
 
 	d = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION,