| 1 | #!/usr/bin/perl |
1 | #!/opt/bin/perl |
| 2 | |
2 | |
| 3 | # this is a relatively small web-server, using coroutines for connections. |
3 | # this is a relatively small web-server, using coroutines for connections. |
| 4 | # play around with it but do not use it in production without checking it |
4 | # play around with it but do not use it in production without checking it |
| 5 | # works for you. ask myhttpd@plan9.de in case of problems, or if you are |
5 | # works for you. ask myhttpd@plan9.de in case of problems, or if you are |
| 6 | # interested in a newer version (more useless features). |
6 | # interested in a newer version (more useless features). |
| … | |
… | |
| 171 | sub map_uri { |
171 | sub map_uri { |
| 172 | my $self = shift; |
172 | my $self = shift; |
| 173 | my $host = $self->{h}{host} || "default"; |
173 | my $host = $self->{h}{host} || "default"; |
| 174 | my $uri = $self->{uri}; |
174 | my $uri = $self->{uri}; |
| 175 | |
175 | |
|
|
176 | $host =~ /[\/\\]/ |
|
|
177 | and $self->err(400, "bad request"); |
|
|
178 | |
| 176 | # some massaging, also makes it more secure |
179 | # some massaging, also makes it more secure |
| 177 | $uri =~ s/%([0-9a-fA-F][0-9a-fA-F])/chr hex $1/ge; |
180 | $uri =~ s/%([0-9a-fA-F][0-9a-fA-F])/chr hex $1/ge; |
| 178 | $uri =~ s%//+%/%g; |
181 | $uri =~ s%//+%/%g; |
| 179 | $uri =~ s%/\.(?=/|$)%%g; |
182 | $uri =~ s%/\.(?=/|$)%%g; |
| 180 | 1 while $uri =~ s%/[^/]+/\.\.(?=/|$)%%; |
183 | 1 while $uri =~ s%/[^/]+/\.\.(?=/|$)%%; |
