aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--lib/inets/doc/src/notes.xml8
-rw-r--r--lib/inets/src/http_server/httpd_request.erl4
-rw-r--r--lib/inets/src/inets_app/inets.appup.src4
3 files changed, 14 insertions, 2 deletions
diff --git a/lib/inets/doc/src/notes.xml b/lib/inets/doc/src/notes.xml
index 60559afc2e..5b5dfdde21 100644
--- a/lib/inets/doc/src/notes.xml
+++ b/lib/inets/doc/src/notes.xml
@@ -69,6 +69,14 @@
<p>Own Id: OTP-9434</p>
</item>
+ <item>
+ <p>[httpd] Fix httpd directory traversal on Windows.
+ Directory traversal was possible on Windows where
+ backward slash is used as directory separator. </p>
+ <p>Andr�s Veres-Szentkir�lyi.</p>
+ <p>Own Id: OTP-9561</p>
+ </item>
+
</list>
</section>
diff --git a/lib/inets/src/http_server/httpd_request.erl b/lib/inets/src/http_server/httpd_request.erl
index 7084d9824a..90f8bdd912 100644
--- a/lib/inets/src/http_server/httpd_request.erl
+++ b/lib/inets/src/http_server/httpd_request.erl
@@ -312,8 +312,8 @@ validate_uri(RequestURI) ->
{'EXIT',_Reason} ->
{error, {bad_request, {malformed_syntax, RequestURI}}};
_ ->
- Path = format_request_uri(UriNoQueryNoHex),
- Path2=[X||X<-string:tokens(Path, "/"),X=/="."], %% OTP-5938
+ Path = format_request_uri(UriNoQueryNoHex),
+ Path2 = [X||X<-string:tokens(Path, "/\\"),X=/="."],
validate_path( Path2,0, RequestURI)
end.
diff --git a/lib/inets/src/inets_app/inets.appup.src b/lib/inets/src/inets_app/inets.appup.src
index 301bc2d58a..d5fdf86a60 100644
--- a/lib/inets/src/inets_app/inets.appup.src
+++ b/lib/inets/src/inets_app/inets.appup.src
@@ -20,12 +20,14 @@
[
{"5.7",
[
+ {load_module, httpd_request, soft_purge, soft_purge, []},
{load_module, httpc_cookie, soft_purge, soft_purge, [http_util]},
{load_module, http_util, soft_purge, soft_purge, []}
]
},
{"5.6",
[
+ {load_module, httpd_request, soft_purge, soft_purge, []},
{load_module, httpc, soft_purge, soft_purge, [httpc_manager]},
{load_module, http_transport, soft_purge, soft_purge, [http_transport]},
{load_module, httpc_cookie, soft_purge, soft_purge, [http_util]},
@@ -59,12 +61,14 @@
[
{"5.7",
[
+ {load_module, httpd_request, soft_purge, soft_purge, []},
{load_module, httpc_cookie, soft_purge, soft_purge, [http_util]},
{load_module, http_util, soft_purge, soft_purge, []}
]
},
{"5.6",
[
+ {load_module, httpd_request, soft_purge, soft_purge, []},
{load_module, httpc, soft_purge, soft_purge, [httpc_manager]},
{load_module, http_transport, soft_purge, soft_purge, [http_transport]},
{load_module, httpc_cookie, soft_purge, soft_purge, [http_util]},
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-12 11:05:11 +0000