summaryrefslogtreecommitdiff
path: root/networking/httpd_indexcgi.c
diff options
context:
space:
mode:
Diffstat (limited to 'networking/httpd_indexcgi.c')
-rw-r--r--networking/httpd_indexcgi.c27
1 files changed, 16 insertions, 11 deletions
diff --git a/networking/httpd_indexcgi.c b/networking/httpd_indexcgi.c
index 7e0225e..d732cd4 100644
--- a/networking/httpd_indexcgi.c
+++ b/networking/httpd_indexcgi.c
@@ -221,20 +221,25 @@ int main(int argc, char *argv[])
unsigned long long size_total;
int odd;
DIR *dirp;
- char *QUERY_STRING;
-
- QUERY_STRING = getenv("QUERY_STRING");
- if (!QUERY_STRING
- || QUERY_STRING[0] != '/'
- || strstr(QUERY_STRING, "//")
- || strstr(QUERY_STRING, "/../")
- || strcmp(strrchr(QUERY_STRING, '/'), "/..") == 0
+ char *location;
+
+ location = getenv("REQUEST_URI");
+ if (!location)
+ return 1;
+
+ /* drop URL arguments if any */
+ strchrnul(location, '?')[0] = '\0';
+
+ if (location[0] != '/'
+ || strstr(location, "//")
+ || strstr(location, "/../")
+ || strcmp(strrchr(location, '/'), "/..") == 0
) {
return 1;
}
if (chdir("..")
- || (QUERY_STRING[1] && chdir(QUERY_STRING + 1))
+ || (location[1] && chdir(location + 1))
) {
return 1;
}
@@ -271,14 +276,14 @@ int main(int argc, char *argv[])
"\r\n" /* Mandatory empty line after headers */
"<html><head><title>Index of ");
/* Guard against directories with &, > etc */
- fmt_html(QUERY_STRING);
+ fmt_html(location);
fmt_str(
"</title>\n"
STYLE_STR
"</head>" "\n"
"<body>" "\n"
"<h1>Index of ");
- fmt_html(QUERY_STRING);
+ fmt_html(location);
fmt_str(
"</h1>" "\n"
"<table>" "\n"