Diffstat (limited to 'pages/content.ecpp')
-rw-r--r--pages/content.ecpp21
1 files changed, 11 insertions, 10 deletions
diff --git a/pages/content.ecpp b/pages/content.ecpp
index 9fdabf3..27d827c 100644
--- a/pages/content.ecpp
+++ b/pages/content.ecpp
@@ -23,21 +23,22 @@ if (request.getArgsCount() > 0) {
reply.setContentType(mime);
// dsyslog("vdrlive::content::mimetype(%s)", mime.c_str());
-// FileCache::ptr_type f = LiveFileCache().get("/tmp/live/" + request.getPathInfo());
string const path(request.getPathInfo());
-
// dsyslog("vdrlive::content: path = %s", path.c_str());
-FileCache::ptr_type f;
-
-string const epgImgPath(LiveSetup().GetEpgImageDir());
-if (!epgImgPath.empty() && path.find(epgImgPath) != string::npos) {
- f = LiveFileCache().get(path);
+// security checking of path. In order to not allow exploits the
+// path must be absolute and not contain any upward references (e.g '../')
+if (path.empty()) {
+ return HTTP_BAD_REQUEST;
}
-else {
- // dsyslog("vdrlive::content: retrieve from %s", Plugin::GetConfigDirectory().c_str());
- f = LiveFileCache().get(Plugin::GetConfigDirectory() + "/" + path);
+if ('/' != path[0]) {
+ return HTTP_BAD_REQUEST;
}
+if (string::npos != path.find("../", 1)) {
+ return HTTP_BAD_REQUEST;
+}
+
+FileCache::ptr_type f = LiveFileCache().get(path);
if (f.get() == 0) {
// dsyslog("vdrlive::content: DECLINED");