From 0bfe34ab6b28c6a05e19b3412cf370257a3175bf Mon Sep 17 00:00:00 2001
From: GHXX
Date: Fri, 26 Jan 2024 19:49:04 +0100
Subject: [PATCH] improve static serve jail
---
 SimpleHttpServer/HttpServer.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SimpleHttpServer/HttpServer.cs b/SimpleHttpServer/HttpServer.cs
index 339ff2d..4900784 100644
--- a/SimpleHttpServer/HttpServer.cs
+++ b/SimpleHttpServer/HttpServer.cs
@@ -253,7 +253,7 @@ public sealed class HttpServer {
 if (reqPath.StartsWith(k)) { // do a static serve
 wasStaticlyServed = true;
 var relativeStaticReqPath = reqPath[k.Length..];
- var staticResponsePath = Path.Combine(v, relativeStaticReqPath.TrimStart('/'));
+ var staticResponsePath = Path.GetFullPath(Path.Join(v, relativeStaticReqPath.TrimStart('/')));
 if (Path.GetRelativePath(v, staticResponsePath).Contains("..")) {
 requestLogger.Warning($"Blocked GET request to {reqPath} as somehow the target file does not lie inside the static serve folder? Are you using symlinks?");