src/de/uhilger/neon/FileServer.java | ●●●●● patch | view | raw | blame | history | |
src/de/uhilger/neon/HttpHelper.java | ●●●●● patch | view | raw | blame | history |
src/de/uhilger/neon/FileServer.java
@@ -58,9 +58,13 @@ String fName = exchange.getRequestURI().getPath(); try { fName = new HttpHelper().getFileName(exchange); File fileToDeliver = new File((String) exchange String fBase = (String) exchange .getHttpContext().getAttributes() .getOrDefault(ATTR_FILE_BASE, STR_EMPTY), fName); .getOrDefault(ATTR_FILE_BASE, STR_EMPTY); //File fileToDeliver = new File((String) exchange // .getHttpContext().getAttributes() // .getOrDefault(ATTR_FILE_BASE, STR_EMPTY), fName); File fileToDeliver = new File(fBase, fName); Headers headers = exchange.getRequestHeaders(); if (headers.containsKey(RANGE_HEADER)) { new PartialFileServer().serveFileParts(exchange, fileToDeliver); src/de/uhilger/neon/HttpHelper.java
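Review bot: In FileServer.java, `new File(fBase, fName)` is handed to the file servers without any check that the result still lies under `fBase`, and because this commit lets `fName` contain `/` and `\`, the `..` substring test in HttpHelper is the only guard left. That test does not cover a symbolic link below the base directory, and if ATTR_FILE_BASE is not set the STR_EMPTY default makes java.io.File resolve the name against a system-dependent default directory instead of a configured root. I would fail closed on an empty base and compare canonical paths before the Range dispatch, as sketched below. The enclosing try and its catch lie outside the hunk, so confirm that the IllegalArgumentException and the IOException from getCanonicalFile() are turned into an error response there. The three commented-out lines holding the old constructor call can be deleted, since version control keeps them.

```java
fName = new HttpHelper().getFileName(exchange);
// … unchanged: fBase read from ATTR_FILE_BASE …
if (fBase.isEmpty()) {
    // no configured root: refuse instead of resolving against a default directory
    throw new IllegalArgumentException("No file base configured");
}
File baseDir = new File(fBase).getCanonicalFile();
File fileToDeliver = new File(baseDir, fName).getCanonicalFile();
// canonical form resolves ".." and symbolic links before the containment test
if (!fileToDeliver.toPath().startsWith(baseDir.toPath())) {
    throw new IllegalArgumentException("Invalid file name");
}
// … unchanged: Range header check and dispatch …
```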
@@ -61,14 +61,14 @@ public String getFileName(HttpExchange e) throws IllegalArgumentException { String ctxPath = e.getHttpContext().getPath(); String uriPath = e.getRequestURI().getPath(); return fixFileName(uriPath.substring(ctxPath.length())); return inspectFileName(uriPath.substring(ctxPath.length())); } public String fixFileName(String fileName) throws IllegalArgumentException { public String inspectFileName(String fileName) throws IllegalArgumentException { if (fileName == null || fileName.contains("..") || fileName.contains("/") || fileName.contains("\\")) { || fileName.contains("..")) { //|| fileName.contains("/") //|| fileName.contains("\\")) { throw new IllegalArgumentException("Invalid file name"); } return fileName;
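Review bot: `inspectFileName` now rejects only names that contain `..`, so path separators pass through and the method no longer guarantees a bare file name. Its Javadoc (not visible in this hunk) should state that sub-paths are accepted and that the caller must enforce containment under the file base. The substring test is also imprecise, because it refuses a harmless name such as `notes..txt` while telling nothing about where the resolved file ends up. Comparing whole segments keeps the intent, e.g. `Arrays.asList(fileName.split("[/\\\\]")).contains("..")`. The two commented-out conditions `//|| fileName.contains("/")` and `//|| fileName.contains("\\")) {` should be removed rather than left as dead text. The method's closing brace is outside the hunk.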