diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/examples/demo.c | 19 | ||||
-rw-r--r-- | src/examples/demo_https.c | 3 | ||||
-rw-r--r-- | src/examples/fileserver_example.c | 22 |
3 files changed, 32 insertions, 12 deletions
diff --git a/src/examples/demo.c b/src/examples/demo.c index 7d6d1bd8..7b2064e2 100644 --- a/src/examples/demo.c +++ b/src/examples/demo.c | |||
@@ -693,12 +693,19 @@ generate_page (void *cls, | |||
693 | if ( (0 != strcmp (method, MHD_HTTP_METHOD_GET)) && | 693 | if ( (0 != strcmp (method, MHD_HTTP_METHOD_GET)) && |
694 | (0 != strcmp (method, MHD_HTTP_METHOD_HEAD)) ) | 694 | (0 != strcmp (method, MHD_HTTP_METHOD_HEAD)) ) |
695 | return MHD_NO; /* unexpected method (we're not polite...) */ | 695 | return MHD_NO; /* unexpected method (we're not polite...) */ |
696 | if ( (0 == stat (&url[1], &buf)) && | 696 | fd = -1; |
697 | (NULL == strstr (&url[1], "..")) && | 697 | if ( (NULL == strstr (&url[1], "..")) && |
698 | ('/' != url[1])) | 698 | ('/' != url[1]) ) |
699 | fd = open (&url[1], O_RDONLY); | 699 | { |
700 | else | 700 | fd = open (&url[1], O_RDONLY); |
701 | fd = -1; | 701 | if ( (-1 != fd) && |
702 | ( (0 != fstat (fd, &buf)) || | ||
703 | (! S_ISREG (buf.st_mode)) ) ) | ||
704 | { | ||
705 | (void) close (fd); | ||
706 | fd = -1; | ||
707 | } | ||
708 | } | ||
702 | if (-1 == fd) | 709 | if (-1 == fd) |
703 | return MHD_queue_response (connection, | 710 | return MHD_queue_response (connection, |
704 | MHD_HTTP_NOT_FOUND, | 711 | MHD_HTTP_NOT_FOUND, |
diff --git a/src/examples/demo_https.c b/src/examples/demo_https.c index 1dff3ee9..ad986148 100644 --- a/src/examples/demo_https.c +++ b/src/examples/demo_https.c | |||
@@ -668,7 +668,7 @@ return_directory_response (struct MHD_Connection *connection) | |||
668 | * @param upload_data data from upload (PUT/POST) | 668 | * @param upload_data data from upload (PUT/POST) |
669 | * @param upload_data_size number of bytes in "upload_data" | 669 | * @param upload_data_size number of bytes in "upload_data" |
670 | * @param ptr our context | 670 | * @param ptr our context |
671 | * @return MHD_YES on success, MHD_NO to drop connection | 671 | * @return #MHD_YES on success, #MHD_NO to drop connection |
672 | */ | 672 | */ |
673 | static int | 673 | static int |
674 | generate_page (void *cls, | 674 | generate_page (void *cls, |
@@ -694,7 +694,6 @@ generate_page (void *cls, | |||
694 | if (0 != strcmp (method, MHD_HTTP_METHOD_GET)) | 694 | if (0 != strcmp (method, MHD_HTTP_METHOD_GET)) |
695 | return MHD_NO; /* unexpected method (we're not polite...) */ | 695 | return MHD_NO; /* unexpected method (we're not polite...) */ |
696 | fd = -1; | 696 | fd = -1; |
697 | |||
698 | if ( (NULL == strstr (&url[1], "..")) && | 697 | if ( (NULL == strstr (&url[1], "..")) && |
699 | ('/' != url[1]) ) | 698 | ('/' != url[1]) ) |
700 | { | 699 | { |
diff --git a/src/examples/fileserver_example.c b/src/examples/fileserver_example.c index e18ae747..9637bffc 100644 --- a/src/examples/fileserver_example.c +++ b/src/examples/fileserver_example.c | |||
@@ -63,6 +63,7 @@ ahc_echo (void *cls, | |||
63 | struct MHD_Response *response; | 63 | struct MHD_Response *response; |
64 | int ret; | 64 | int ret; |
65 | FILE *file; | 65 | FILE *file; |
66 | int fd; | ||
66 | struct stat buf; | 67 | struct stat buf; |
67 | 68 | ||
68 | if ( (0 != strcmp (method, MHD_HTTP_METHOD_GET)) && | 69 | if ( (0 != strcmp (method, MHD_HTTP_METHOD_GET)) && |
@@ -75,10 +76,23 @@ ahc_echo (void *cls, | |||
75 | return MHD_YES; | 76 | return MHD_YES; |
76 | } | 77 | } |
77 | *ptr = NULL; /* reset when done */ | 78 | *ptr = NULL; /* reset when done */ |
78 | if (0 == stat (&url[1], &buf)) | 79 | file = fopen (&url[1], "rb"); |
79 | file = fopen (&url[1], "rb"); | 80 | if (NULL != file) |
80 | else | 81 | { |
81 | file = NULL; | 82 | fd = fileno (file); |
83 | if (-1 == fd) | ||
84 | { | ||
85 | (void) fclose (file); | ||
86 | return MHD_NO; /* internal error */ | ||
87 | } | ||
88 | if ( (0 != fstat (fd, &buf)) || | ||
89 | (! S_ISREG (buf.st_mode)) ) | ||
90 | { | ||
91 | /* not a regular file, refuse to serve */ | ||
92 | fclose (file); | ||
93 | file = NULL; | ||
94 | } | ||
95 | } | ||
82 | if (NULL == file) | 96 | if (NULL == file) |
83 | { | 97 | { |
84 | response = MHD_create_response_from_buffer (strlen (PAGE), | 98 | response = MHD_create_response_from_buffer (strlen (PAGE), |