- char *fpath = get_path(nurl, server_data.www_dir);
-
- resp = create_response_file(nurl, method, rp_code, fpath);
+ fpath = get_path(nurl, server_data.www_dir);
+
+ rpath = realpath(fpath, NULL);
+ if (rpath) {
+ n = strlen(server_data.www_dir);
+ if (!strncmp(server_data.www_dir, rpath, n))
+ resp = create_response_file(nurl,
+ method,
+ rp_code,
+ fpath);
+ free(rpath);
+ }