Fix incorrect relative path checks to avoid bypassing path validation

swoole · Sep 23, 2024 · 3ed1b8b · 3ed1b8b
1 parent 64e45a7
commit 3ed1b8b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/server/static_handler.cc b/src/server/static_handler.cc
@@ -132,7 +132,7 @@ bool StaticHandler::hit() {
     l_filename = http_server::url_decode(filename, p - filename);
     filename[l_filename] = '\0';
 
-    if (swoole_strnpos(url, n, SW_STRL("..")) == -1) {
+    if (swoole_strnpos(filename, n, SW_STRL("..")) == -1) {
         goto _detect_mime_type;
     }