Fixed directory traversal bug with direcotry listing

tests
Sebastian Lohff 9 years ago
parent 11ad07cc76
commit cd7eee21be

@ -305,6 +305,15 @@ class DirListingHandler(FileBaseHandler):
""" Send file or directory index, depending on requested path """ """ Send file or directory index, depending on requested path """
path = self.getCleanPath() path = self.getCleanPath()
# check if path is in current serving directory
currBaseDir = os.path.abspath(self.targetDir) + os.path.sep
requestPath = os.path.normpath(os.path.join(currBaseDir, path)) + os.path.sep
if not requestPath.startswith(currBaseDir):
self.send_response(301)
self.send_header("Location", '/')
self.end_headers()
return
if os.path.isdir(path): if os.path.isdir(path):
if not self.path.endswith('/'): if not self.path.endswith('/'):
self.send_response(301) self.send_response(301)

Loading…
Cancel
Save