shithub: rc-gemd

Download patch

ref: 220cfb7a23dd0e6f6efb2cabe1389e723073e5b6
parent: 7fa8b48d8ee308ed95106f66d9376a79942c0080
author: Jacob Moody <[email protected]>
date: Sun Apr 3 18:02:27 EDT 2022

fix urlencode escape, copied from rc-httpd

--- a/handlers/dir-index
+++ b/handlers/dir-index
@@ -1,6 +1,10 @@
 #!/bin/rc
 full_path=`{echo $"fs_root^$"location | urlencode -d}
 full_path=$"full_path
+if(! ~ `{cleanname -d$fs_root $full_path} `{cleanname $fs_root}^*){
+	error 53 'path not allowed'
+	exit
+}
 
 echo '20 text/gemini'^$cr
 ls $full_path | sed '
--- a/handlers/serve-static
+++ b/handlers/serve-static
@@ -1,6 +1,10 @@
 #!/bin/rc
 full_path=`{echo $"fs_root^$"location | urlencode -d}
 full_path=$"full_path
+if(! ~ `{cleanname -d$fs_root $full_path} `{cleanname $fs_root}^*){
+	error 53 'path not allowed'
+	exit
+}
 
 if(! test -e $full_path){
 	error 51 'file does not exist'