vendor/clang/clang-release_32-r168974

author: Dimitry Andric <dim@FreeBSD.org> 2012-12-02 13:20:44 +0000
committer: Dimitry Andric <dim@FreeBSD.org> 2012-12-02 13:20:44 +0000
commit: 13cc256e404620c1de0cbcc4e43ce1e2dbbc4898 (patch)
tree: 2732d02d7d51218d6eed98ac7fcfc5b8794896b5 /tools/scan-view/ScanView.py
parent: 657bc3d9848e3be92029b2416031340988cd0111 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/tools/scan-view/ScanView.py b/tools/scan-view/ScanView.py
index c6dddba6a764..32570b985838 100644
--- a/tools/scan-view/ScanView.py
+++ b/tools/scan-view/ScanView.py
@@ -707,6 +707,11 @@ File Bug</h3>
         return None
 
     def send_path(self, path):
+        # If the requested path is outside the root directory, do not open it
+        rel = os.path.abspath(os.path.join(self.server.root, path))
+        if not rel.startswith(os.path.abspath(self.server.root) ):
+          return self.send_404()
+        
         ctype = self.guess_type(path)
         if ctype.startswith('text/'):
             # Patch file instead
author	Dimitry Andric <dim@FreeBSD.org>	2012-12-02 13:20:44 +0000
committer	Dimitry Andric <dim@FreeBSD.org>	2012-12-02 13:20:44 +0000
commit	13cc256e404620c1de0cbcc4e43ce1e2dbbc4898 (patch)
tree	2732d02d7d51218d6eed98ac7fcfc5b8794896b5 /tools/scan-view/ScanView.py
parent	657bc3d9848e3be92029b2416031340988cd0111 (diff)