version 1.1, 2002/10/29 20:21:32
|
version 1.2, 2002/10/29 20:57:31
|
Line 108 sub serve_request {
|
Line 108 sub serve_request {
|
# prevent directory go-back |
# prevent directory go-back |
$url=~/\.\./ && do { &error(403,$url,"contains go-back"); return; }; |
$url=~/\.\./ && do { &error(403,$url,"contains go-back"); return; }; |
|
|
|
# Multiple slashes do happen |
|
$url=~s/\/+/\//g; |
|
|
# Check access control |
# Check access control |
unless (($url=~/^\/res\/adm\//) || ($url=~/^\/adm\//)) { |
unless (($url=~/^\/res\/adm\//) || ($url=~/^\/adm\//)) { |
do { &error(403,$url,"not on allow list"); return; }; |
do { &error(403,$url,"not on allow list"); return; }; |