Diffstat (limited to 'plugins/static-files/static-files.cpp')
-rw-r--r--plugins/static-files/static-files.cpp14
1 files changed, 11 insertions, 3 deletions
diff --git a/plugins/static-files/static-files.cpp b/plugins/static-files/static-files.cpp
index 3f1c63a..345cf56 100644
--- a/plugins/static-files/static-files.cpp
+++ b/plugins/static-files/static-files.cpp
@@ -76,9 +76,17 @@ std::string static_files_plugin::generate_page(
if (method != "GET" && method != "HEAD")
return HttpStatus("400", "Unknown HTTP method", SetResponseHeader);
- // Request path must not contain "..".
- std::string rel_target{GetRequestParam("rel_target")};
std::string target{GetRequestParam("target")};
+ size_t pos{target.find('?')};
+ if (pos != target.npos)
+ target = target.substr(0, pos);
+
+ std::string rel_target{GetRequestParam("rel_target")};
+ pos = rel_target.find('?');
+ if (pos != rel_target.npos)
+ rel_target = rel_target.substr(0, pos);
+
+ // Request path must not contain "..".
if (rel_target.find("..") != std::string::npos) {
return HttpStatus("400", "Illegal request: "s + target, SetResponseHeader);
}
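Review bot: The `..` test on `rel_target` is a substring match on the string as received, so it is only as strong as whatever happens to that string before `getFile(path)` is called; the code that builds `path` lies outside this hunk. If the value is percent-decoded or otherwise normalised after this check, an encoded dot segment would pass it, so the check should run on the fully decoded form. A more robust guard is to canonicalise the final `path` (for example with `std::filesystem::weakly_canonical`) and confirm it still lies under the document root before opening it. Once the decoding order is confirmed, the comment could say so, e.g. `// rel_target is percent-decoded at this point; reject any ".." sequence`.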
@@ -97,7 +105,7 @@ std::string static_files_plugin::generate_page(
try {
return getFile(path);
} catch (const std::runtime_error& ex) {
- return HttpStatus("404", "Not found: "s + GetRequestParam("target"), SetResponseHeader);
+ return HttpStatus("404", "Not found: "s + target, SetResponseHeader);
} catch (const std::exception& ex) {
return HttpStatus("500", "Internal Server Error: "s + ex.what(), SetResponseHeader);
}
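Review bot: The 404 body built by `"Not found: "s + target` still echoes request-controlled text, as does the 400 message in the previous hunk; stripping the query string narrows what is echoed but does not neutralise it. Whether `HttpStatus` escapes its message is not visible here; if it renders HTML, the text should be escaped or the response sent as `text/plain`. The 500 branch also returns `ex.what()` to the client, which may disclose filesystem paths, so logging it server-side and returning a fixed message would be safer. The enclosing function starts and ends outside this hunk.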