Fossil SCM
Do not allow the "fossil server" command to serve any static content file that contains ".fossil" anywhere in its name. This prevents repository files and/or their journals from being downloaded as static content.
Commit
e726c8082ed4eb9370d4344732b3c1f35912a573
Parent
ed1e34c7607f368…
1 file changed
+1
-1
+1
-1
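--- a/src/main.c
+++ b/src/main.c
@@ -1413,11 +1413,11 @@
 if( zPathInfo[i]=='/' && file_isdir(zRepo)==1 ){
 fossil_free(zToFree);
 i++;
 continue;
 }
-if( file_isfile(zRepo) ){
+if( file_isfile(zRepo) && strglob("*.fossil*",zRepo)==0 ){
 Blob content;
 blob_read_from_file(&content, zRepo);
 cgi_set_content_type(mimetype_from_name(zRepo));
 cgi_set_content(&content);
 cgi_reply();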
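Review bot: The new guard on line 1418 is a name-based denylist, so it only protects repositories whose path contains `.fossil`; a repository stored under any other name in the served directory would still be read by `blob_read_from_file()` and returned. If `strglob()` compares case-sensitively (its definition is not visible here), the check would also be weaker on case-insensitive filesystems, so confirm that or fold case before matching. A more robust design is to serve static files only when they match an explicit allowlist of names or extensions, keeping this test as a second barrier. At minimum the intent deserves a comment above the condition, e.g. `/* Never serve repository files or their journals as static content */`. The enclosing loop and the rest of this `if` body lie outside the hunk.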
| --- src/main.c | |
| +++ src/main.c | |
| @@ -1413,11 +1413,11 @@ | |
| 1413 | if( zPathInfo[i]=='/' && file_isdir(zRepo)==1 ){ |
| 1414 | fossil_free(zToFree); |
| 1415 | i++; |
| 1416 | continue; |
| 1417 | } |
| 1418 | if( file_isfile(zRepo) ){ |
| 1419 | Blob content; |
| 1420 | blob_read_from_file(&content, zRepo); |
| 1421 | cgi_set_content_type(mimetype_from_name(zRepo)); |
| 1422 | cgi_set_content(&content); |
| 1423 | cgi_reply(); |
| 1424 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -1413,11 +1413,11 @@ | |
| 1413 | if( zPathInfo[i]=='/' && file_isdir(zRepo)==1 ){ |
| 1414 | fossil_free(zToFree); |
| 1415 | i++; |
| 1416 | continue; |
| 1417 | } |
| 1418 | if( file_isfile(zRepo) && strglob("*.fossil*",zRepo)==0 ){ |
| 1419 | Blob content; |
| 1420 | blob_read_from_file(&content, zRepo); |
| 1421 | cgi_set_content_type(mimetype_from_name(zRepo)); |
| 1422 | cgi_set_content(&content); |
| 1423 | cgi_reply(); |
| 1424 |