string file = "."+combine_path("/",request->not_query);
file = Protocols.HTTP.uri_decode(file);
Stdio.Stat s = file_stat( file );
If the not_query contains "..%2F", combine_path sees that as a perfectly normal directory, and then it gets URI decoded, and Pike will happily read files outside of the directory it's been set to.
Is there a reason the URI decode is done after combine_path?
ChrisA
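The ordering problem described in the post above, as an added example that is not part of the original message or of Pike's own code: the same two calls in the posted order and in the reverse order, run over constructed request paths. The function names `resolve_unsafe`, `resolve_safe` and `escapes_root` are hypothetical, and the example assumes, as the posted code does, that `combine_path("/", ...)` does not resolve above "/".

```pike
// Posted order: normalise first, decode second. combine_path() sees
// "..%2F" as an ordinary file name, so nothing is collapsed, and the
// decode step then turns it into a real "../" segment.
string resolve_unsafe(string not_query)
{
  string file = "." + combine_path("/", not_query);
  return Protocols.HTTP.uri_decode(file);
}

// Reversed order: decode exactly once, then normalise. combine_path()
// now sees the real ".." segments and collapses them against "/".
string resolve_safe(string not_query)
{
  string decoded = Protocols.HTTP.uri_decode(not_query);
  return "." + combine_path("/", decoded);
}

// Check on the final string that is handed to file_stat(): true if
// any ".." path segment survived.
int(0..1) escapes_root(string file)
{
  return has_value(file / "/", "..");
}

int main()
{
  // Constructed sample values for request->not_query.
  array(string) samples = ({
    "/index.html",
    "/img/../index.html",
    "/a/..%2F..%2Fsecret.txt",
  });

  foreach (samples, string q) {
    string u = resolve_unsafe(q);
    string s = resolve_safe(q);
    write("%s\n  posted order:   %s (escapes: %d)\n"
          "  decode first:   %s (escapes: %d)\n",
          q, u, escapes_root(u), s, escapes_root(s));
  }
  return 0;
}
```

Decoding more than once anywhere between the request and `file_stat` reintroduces the same problem, so the check in `escapes_root` belongs on the final path string.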