From a1027d4499cfad752d6c449b407bb1f8dc4e16d2 Mon Sep 17 00:00:00 2001
From: ulrich
Date: Mon, 04 Nov 2024 12:29:52 +0000
Subject: [PATCH] inspectFileName angepasst

---
 src/de/uhilger/neon/FileServer.java |    8 ++++++--
 src/de/uhilger/neon/HttpHelper.java |   10 +++++-----
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/src/de/uhilger/neon/FileServer.java b/src/de/uhilger/neon/FileServer.java
index b768961..b38245a 100644
--- a/src/de/uhilger/neon/FileServer.java
+++ b/src/de/uhilger/neon/FileServer.java
@@ -58,9 +58,13 @@
     String fName = exchange.getRequestURI().getPath();
     try {
       fName = new HttpHelper().getFileName(exchange);
-      File fileToDeliver = new File((String) exchange
+      String fBase = (String) exchange
               .getHttpContext().getAttributes()
-              .getOrDefault(ATTR_FILE_BASE, STR_EMPTY), fName);
+              .getOrDefault(ATTR_FILE_BASE, STR_EMPTY);
+      //File fileToDeliver = new File((String) exchange
+         //     .getHttpContext().getAttributes()
+           //   .getOrDefault(ATTR_FILE_BASE, STR_EMPTY), fName);
+      File fileToDeliver = new File(fBase, fName);
       Headers headers = exchange.getRequestHeaders();
       if (headers.containsKey(RANGE_HEADER)) {
         new PartialFileServer().serveFileParts(exchange, fileToDeliver);
diff --git a/src/de/uhilger/neon/HttpHelper.java b/src/de/uhilger/neon/HttpHelper.java
index f76cfa2..c2485d8 100644
--- a/src/de/uhilger/neon/HttpHelper.java
+++ b/src/de/uhilger/neon/HttpHelper.java
@@ -61,14 +61,14 @@
   public String getFileName(HttpExchange e) throws IllegalArgumentException {
     String ctxPath = e.getHttpContext().getPath();
     String uriPath = e.getRequestURI().getPath();
-    return fixFileName(uriPath.substring(ctxPath.length()));
+    return inspectFileName(uriPath.substring(ctxPath.length()));
   }
   
-  public String fixFileName(String fileName) throws IllegalArgumentException {
+  public String inspectFileName(String fileName) throws IllegalArgumentException {
     if (fileName == null
-            || fileName.contains("..")
-            || fileName.contains("/")
-            || fileName.contains("\\")) {
+            || fileName.contains("..")) {
+            //|| fileName.contains("/")
+            //|| fileName.contains("\\")) {
       throw new IllegalArgumentException("Invalid file name");
     }
     return fileName;

--
Gitblit v1.9.3