1.20b - URL parser now accounts for its own \.\ injection pattern. bugfix
This commit is contained in:
parent
00dcafb61c
commit
50c87f0348
|
@ -1,4 +1,4 @@
|
|||
Version 1.20b:
|
||||
Version 1.21b:
|
||||
--------------
|
||||
|
||||
- URL parser now accounts for its own \.\ injection pattern.
|
||||
|
|
2
config.h
2
config.h
|
@ -23,7 +23,7 @@
|
|||
#ifndef _HAVE_CONFIG_H
|
||||
#define _HAVE_CONFIG_H
|
||||
|
||||
#define VERSION "1.20b"
|
||||
#define VERSION "1.21b"
|
||||
|
||||
#define USE_COLOR 1 /* Use terminal colors */
|
||||
|
||||
|
|
|
@ -497,12 +497,13 @@ void tokenize_path(u8* str, struct http_request* req, u8 add_slash) {
|
|||
probes. This is to avoid recursion if it actually worked in some
|
||||
way. */
|
||||
|
||||
if (!strncmp((char*)cur, "\\.\\", 3)) {
|
||||
if (!strncmp((char*)cur, "\\.\\", 3) && (cur[3] == '/' || !cur[3])) {
|
||||
cur += 3;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!strncasecmp((char*)cur, "%5c.%5c", 7)) {
|
||||
if (!strncasecmp((char*)cur, "%5c.%5c", 7) &&
|
||||
(cur[7] == '/' || !cur[7])) {
|
||||
cur += 7;
|
||||
continue;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue