You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@locus.apache.org on 2000/09/22 20:26:37 UTC
cvs commit: apache-1.3/src/modules/standard mod_include.c
wrowe 00/09/22 11:26:35
Modified: src/modules/standard mod_include.c
Log:
Correction to relative path test for Novell... disallow ':'.
Revision Changes Path
1.124 +5 -0 apache-1.3/src/modules/standard/mod_include.c
Index: mod_include.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_include.c,v
retrieving revision 1.123
retrieving revision 1.124
diff -u -r1.123 -r1.124
--- mod_include.c 2000/06/01 23:42:28 1.123
+++ mod_include.c 2000/09/22 18:26:32 1.124
@@ -622,11 +622,16 @@
* ensentially ensure that it does not match the regex:
* (^/|(^|/)\.\.(/|$))
* XXX: this needs os abstraction... consider c:..\foo in win32
+ * ???: No, c:../foo is not relative to ., it's potentially on another volume
*/
static int is_only_below(const char *path)
{
#ifdef HAVE_DRIVE_LETTERS
if (path[1] == ':')
+ return 0;
+#endif
+#ifdef NETWARE
+ if (strchr(path, ':'))
return 0;
#endif
if (path[0] == '/') {