/[jscoverage]/trunk/jscoverage-server.c
ViewVC logotype

Diff of /trunk/jscoverage-server.c

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 446 by siliconforks, Wed Feb 18 16:08:33 2009 UTC revision 447 by siliconforks, Sun Aug 9 16:21:27 2009 UTC
# Line 516  Line 516 
516      else {      else {
517        /* check that the path begins with / */        /* check that the path begins with / */
518        if (file_coverage->id[0] == '/') {        if (file_coverage->id[0] == '/') {
519          char * source_path = make_path(document_root, file_coverage->id + 1);          char * decoded_path = decode_uri_component(file_coverage->id);
520            if (strstr(decoded_path, "..") != NULL) {
521              free(decoded_path);
522              fputs("[]", f);
523              HTTPServer_log_err("Warning: invalid source path: %s\n", file_coverage->id);
524              goto done;
525            }
526            char * source_path = make_path(document_root, decoded_path + 1);
527            free(decoded_path);
528          FILE * source_file = fopen(source_path, "rb");          FILE * source_file = fopen(source_path, "rb");
529          free(source_path);          free(source_path);
530          if (source_file == NULL) {          if (source_file == NULL) {
# Line 563  Line 571 
571      }      }
572      fputc(']', f);      fputc(']', f);
573    }    }
574    done:
575    fputc('}', f);    fputc('}', f);
576  }  }
577    
Legend:
Removed from v.446  
changed lines
  Added in v.447
  ViewVC Help
Powered by ViewVC 1.1.24