1 | #!/usr/bin/perl |
1 | #!/opt/bin/perl |
2 | |
2 | |
3 | # this is a relatively small web-server, using coroutines for connections. |
3 | # this is a relatively small web-server, using coroutines for connections. |
4 | # play around with it but do not use it in production without checking it |
4 | # play around with it but do not use it in production without checking it |
5 | # works for you. ask myhttpd@plan9.de in case of problems, or if you are |
5 | # works for you. ask myhttpd@plan9.de in case of problems, or if you are |
6 | # interested in a newer version (more useless features). |
6 | # interested in a newer version (more useless features). |
… | |
… | |
171 | sub map_uri { |
171 | sub map_uri { |
172 | my $self = shift; |
172 | my $self = shift; |
173 | my $host = $self->{h}{host} || "default"; |
173 | my $host = $self->{h}{host} || "default"; |
174 | my $uri = $self->{uri}; |
174 | my $uri = $self->{uri}; |
175 | |
175 | |
|
|
176 | $host =~ /[\/\\]/ |
|
|
177 | and $self->err(400, "bad request"); |
|
|
178 | |
176 | # some massaging, also makes it more secure |
179 | # some massaging, also makes it more secure |
177 | $uri =~ s/%([0-9a-fA-F][0-9a-fA-F])/chr hex $1/ge; |
180 | $uri =~ s/%([0-9a-fA-F][0-9a-fA-F])/chr hex $1/ge; |
178 | $uri =~ s%//+%/%g; |
181 | $uri =~ s%//+%/%g; |
179 | $uri =~ s%/\.(?=/|$)%%g; |
182 | $uri =~ s%/\.(?=/|$)%%g; |
180 | 1 while $uri =~ s%/[^/]+/\.\.(?=/|$)%%; |
183 | 1 while $uri =~ s%/[^/]+/\.\.(?=/|$)%%; |