Prevent the integrated webserver from sending raw php files
This commit is contained in:
parent
bce498955f
commit
a0f34d3d96
|
@ -51,13 +51,11 @@ public class FileRequestHandler implements HttpRequestHandler {
|
||||||
@Override
|
@Override
|
||||||
public HttpResponse handle(HttpRequest request) {
|
public HttpResponse handle(HttpRequest request) {
|
||||||
if (
|
if (
|
||||||
!request.getMethod().equalsIgnoreCase("GET") &&
|
!request.getMethod().equalsIgnoreCase("GET")
|
||||||
!request.getMethod().equalsIgnoreCase("POST")
|
) return new HttpResponse(HttpStatusCode.BAD_REQUEST);
|
||||||
) return new HttpResponse(HttpStatusCode.NOT_IMPLEMENTED);
|
|
||||||
|
|
||||||
HttpResponse response = generateResponse(request);
|
HttpResponse response = generateResponse(request);
|
||||||
|
|
||||||
|
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -103,6 +101,11 @@ public class FileRequestHandler implements HttpRequestHandler {
|
||||||
return new HttpResponse(HttpStatusCode.NOT_FOUND);
|
return new HttpResponse(HttpStatusCode.NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// don't send php files
|
||||||
|
if (file.getName().endsWith(".php")) {
|
||||||
|
return new HttpResponse(HttpStatusCode.FORBIDDEN);
|
||||||
|
}
|
||||||
|
|
||||||
// check if file is still in web-root and is not a directory
|
// check if file is still in web-root and is not a directory
|
||||||
if (!file.toPath().normalize().startsWith(webRoot) || file.isDirectory()){
|
if (!file.toPath().normalize().startsWith(webRoot) || file.isDirectory()){
|
||||||
return new HttpResponse(HttpStatusCode.FORBIDDEN);
|
return new HttpResponse(HttpStatusCode.FORBIDDEN);
|
||||||
|
|
Loading…
Reference in New Issue