improve static serve jail

2024-01-26 19:49:04 +01:00 · 2024-01-26 19:49:04 +01:00 · 0bfe34ab6b
parent 6cc849bf01
commit 0bfe34ab6b
1 changed files with 1 additions and 1 deletions
--- a/SimpleHttpServer/HttpServer.cs
+++ b/SimpleHttpServer/HttpServer.cs
@ -253,7 +253,7 @@ public sealed class HttpServer {
                        if (reqPath.StartsWith(k)) { // do a static serve
                            wasStaticlyServed = true;
                            var relativeStaticReqPath = reqPath[k.Length..];
-                            var staticResponsePath = Path.Combine(v, relativeStaticReqPath.TrimStart('/'));
+                            var staticResponsePath = Path.GetFullPath(Path.Join(v, relativeStaticReqPath.TrimStart('/')));

                            if (Path.GetRelativePath(v, staticResponsePath).Contains("..")) {
                                requestLogger.Warning($"Blocked GET request to {reqPath} as somehow the target file does not lie inside the static serve folder? Are you using symlinks?");