1.22b - bugfix - URL parser now accounts for its own \.\ injection pattern.
parent
50c87f0348
commit
942cb96f58
|
@ -1,4 +1,4 @@
|
|||
Version 1.21b:
|
||||
Version 1.22b:
|
||||
--------------
|
||||
|
||||
- URL parser now accounts for its own \.\ injection pattern.
|
||||
|
|
2
config.h
2
config.h
|
@ -23,7 +23,7 @@
|
|||
#ifndef _HAVE_CONFIG_H
|
||||
#define _HAVE_CONFIG_H
|
||||
|
||||
#define VERSION "1.21b"
|
||||
#define VERSION "1.22b"
|
||||
|
||||
#define USE_COLOR 1 /* Use terminal colors */
|
||||
|
||||
|
|
|
@ -497,14 +497,14 @@ void tokenize_path(u8* str, struct http_request* req, u8 add_slash) {
|
|||
probes. This is to avoid recursion if it actually worked in some
|
||||
way. */
|
||||
|
||||
if (!strncmp((char*)cur, "\\.\\", 3) && (cur[3] == '/' || !cur[3])) {
|
||||
cur += 3;
|
||||
if (!strncmp((char*)cur, "/\\.\\", 4) && (cur[4] == '/' || !cur[4])) {
|
||||
cur += 4;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!strncasecmp((char*)cur, "%5c.%5c", 7) &&
|
||||
(cur[7] == '/' || !cur[7])) {
|
||||
cur += 7;
|
||||
if (!strncasecmp((char*)cur, "/%5c.%5c", 8) &&
|
||||
(cur[8] == '/' || !cur[8])) {
|
||||
cur += 8;
|
||||
continue;
|
||||
}
|
||||
|
||||
|
|
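Review bot: In the two rewritten guards in tokenize_path, each pattern literal and its length are kept in sync by hand (`4`, `cur[4]`, `cur += 4`, and likewise `8`), which is the same kind of coupling this fix had to correct when the leading `/` was added to the patterns. Deriving the length from the literal would remove it, e.g. `#define SKIP_RAW "/\\.\\"` used as `strncmp((char*)cur, SKIP_RAW, sizeof(SKIP_RAW) - 1)` and `cur += sizeof(SKIP_RAW) - 1;`. Only the fully raw and the fully `%5c`-encoded spellings are recognised, so if a server can echo a mixed form such as `/\.%5c` back in a link, the recursion guard described in the comment above would presumably not fire; that case deserves a comment or a test. The surrounding loop and the rest of tokenize_path lie outside the hunk, so whether `cur` always points at a `/` when these checks run could not be confirmed from here.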