mirror of
https://github.com/SerenityOS/serenity
synced 2024-10-07 00:19:27 +00:00
WebServer: Return 403 for a GET request to an inaccessible path
Previously, trying to access a non-readable file would cause a connection reset in the browser; trying to access a non-executable directory would show a completely empty directory listing.
parent
b2f0c50376
commit
c9e4a82c04
|
@ -138,6 +138,12 @@ ErrorOr<bool> Client::handle_request(HTTP::HttpRequest const& request)
|
|||
|
||||
auto index_html_path = TRY(String::formatted("{}/index.html", real_path));
|
||||
if (!FileSystem::exists(index_html_path)) {
|
||||
auto is_searchable_or_error = Core::System::access(real_path.bytes_as_string_view(), X_OK);
|
||||
if (is_searchable_or_error.is_error()) {
|
||||
TRY(send_error_response(403, request));
|
||||
return false;
|
||||
}
|
||||
|
||||
TRY(handle_directory_listing(requested_path, real_path, request));
|
||||
return true;
|
||||
}
|
||||
|
@ -149,6 +155,12 @@ ErrorOr<bool> Client::handle_request(HTTP::HttpRequest const& request)
|
|||
return false;
|
||||
}
|
||||
|
||||
auto is_readable_or_error = Core::System::access(real_path.bytes_as_string_view(), R_OK);
|
||||
if (is_readable_or_error.is_error()) {
|
||||
TRY(send_error_response(403, request));
|
||||
return false;
|
||||
}
|
||||
|
||||
if (FileSystem::is_device(real_path.bytes_as_string_view())) {
|
||||
TRY(send_error_response(403, request));
|
||||
return false;
|
||||
|
|
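Review bot: The two added `Core::System::access()` guards (the `X_OK` check before `handle_directory_listing` and the `R_OK` check before the device test) answer 403 on any error, not only on a permission failure, and they run ahead of the real open, which lies outside these hunks. `access()` is evaluated against the real user ID and the path can change between the check and the use, so the later open or directory read presumably still has to handle `EACCES` itself; a comment such as `// Advisory only: the open below is the authoritative permission check.` would make clear the guards are an early, friendlier response rather than the access control. To avoid reporting unrelated failures as forbidden, the condition could be narrowed to `if (is_readable_or_error.is_error() && is_readable_or_error.error().code() == EACCES)`, with the same change for `is_searchable_or_error`. `handle_request` starts and ends outside both hunks, so how the open reports errors should be confirmed against the full function.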