mirror of
https://github.com/BlueMap-Minecraft/BlueMap.git
synced 2024-11-13 06:14:30 +01:00
Prevent the integrated webserver from sending raw php files
This commit is contained in:
parent
bce498955f
commit
a0f34d3d96
@ -51,13 +51,11 @@ public FileRequestHandler(Path webRoot) {
|
||||
@Override
|
||||
public HttpResponse handle(HttpRequest request) {
|
||||
if (
|
||||
!request.getMethod().equalsIgnoreCase("GET") &&
|
||||
!request.getMethod().equalsIgnoreCase("POST")
|
||||
) return new HttpResponse(HttpStatusCode.NOT_IMPLEMENTED);
|
||||
!request.getMethod().equalsIgnoreCase("GET")
|
||||
) return new HttpResponse(HttpStatusCode.BAD_REQUEST);
|
||||
|
||||
HttpResponse response = generateResponse(request);
|
||||
|
||||
|
||||
return response;
|
||||
}
|
||||
|
||||
@ -103,6 +101,11 @@ private HttpResponse generateResponse(HttpRequest request) {
|
||||
return new HttpResponse(HttpStatusCode.NOT_FOUND);
|
||||
}
|
||||
|
||||
// don't send php files
|
||||
if (file.getName().endsWith(".php")) {
|
||||
return new HttpResponse(HttpStatusCode.FORBIDDEN);
|
||||
}
|
||||
|
||||
// check if file is still in web-root and is not a directory
|
||||
if (!file.toPath().normalize().startsWith(webRoot) || file.isDirectory()){
|
||||
return new HttpResponse(HttpStatusCode.FORBIDDEN);
|
||||
|
Loading…
Reference in New Issue
Block a user