From f9dad9ffdd41c00d1fc7420f2f55983c7f6df8bc Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Sat, 22 Mar 2014 20:31:35 +0100 Subject: cgi: compare the physical path instead of the url to detect quirky urls Signed-off-by: Felix Fietkau --- cgi.c | 2 +- main.c | 20 ++++++++++++++------ uhttpd.h | 1 + 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/cgi.c b/cgi.c index c4438b0..62be0a3 100644 --- a/cgi.c +++ b/cgi.c @@ -103,7 +103,7 @@ static bool check_cgi_path(struct path_info *pi, const char *url) } pi->ip = NULL; - return uh_path_match(conf.cgi_prefix, url); + return uh_path_match(conf.cgi_docroot_path, pi->phys); } struct dispatch_handler cgi_dispatch = { diff --git a/main.c b/main.c index e53a311..99a4025 100644 --- a/main.c +++ b/main.c @@ -183,6 +183,13 @@ static void init_defaults_post(void) uh_index_add("index.htm"); uh_index_add("default.html"); uh_index_add("default.htm"); + + if (conf.cgi_prefix) { + char *str = malloc(strlen(conf.docroot) + strlen(conf.cgi_prefix) + 1); + strcpy(str, conf.docroot); + strcat(str, conf.cgi_prefix); + conf.cgi_docroot_path = str; + }; } static void fixup_prefix(char *str) @@ -406,12 +413,6 @@ int main(int argc, char **argv) } uh_config_parse(); - init_defaults_post(); - - if (!bound) { - fprintf(stderr, "Error: No sockets bound, unable to continue\n"); - return 1; - } if (!conf.docroot) { if (!realpath(".", uh_buf)) { @@ -421,6 +422,13 @@ int main(int argc, char **argv) conf.docroot = strdup(uh_buf); } + init_defaults_post(); + + if (!bound) { + fprintf(stderr, "Error: No sockets bound, unable to continue\n"); + return 1; + } + #ifdef HAVE_TLS if (n_tls) { if (!tls_crt || !tls_key) { diff --git a/uhttpd.h b/uhttpd.h index cace950..daf68ce 100644 --- a/uhttpd.h +++ b/uhttpd.h @@ -52,6 +52,7 @@ struct config { const char *file; const char *error_handler; const char *cgi_prefix; + const char *cgi_docroot_path; const char *cgi_path; const char *lua_handler; const char *lua_prefix; -- cgit v1.2.3