X-Git-Url: http://wpitchoune.net/gitweb/?p=psensor-pkg-debian.git;a=blobdiff_plain;f=src%2Fserver%2Fserver.c;fp=src%2Fserver%2Fserver.c;h=d868d86163fcdc3a724921ddc97b42b2baad5d00;hp=58625868f5f1a9c2e51aacc253407730eaeb0562;hb=cf12deca248d26a9577c634c9f37703c74f7358f;hpb=3a88e1d31d106fd5b95e7365d6ef6ad33a269631

diff --git a/src/server/server.c b/src/server/server.c
index 5862586..d868d86 100644
--- a/src/server/server.c
+++ b/src/server/server.c
@@ -23,6 +23,7 @@
 #include <libintl.h>
 #define _(str) gettext(str)
 
+#include <limits.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -192,8 +193,9 @@ create_response_api(const char *nurl, const char *method, unsigned int *rp_code)
 	if (page) {
 		*rp_code = MHD_HTTP_OK;
 
-		resp = MHD_create_response_from_data(strlen(page), page,
-						     MHD_YES, MHD_NO);
+		resp = MHD_create_response_from_buffer(strlen(page),
+						       page,
+						       MHD_RESPMEM_MUST_FREE);
 
 		MHD_add_response_header(resp, MHD_HTTP_HEADER_CONTENT_TYPE,
 					"application/json");
@@ -223,8 +225,8 @@ static struct MHD_Response *create_response_file(const char *nurl,
 
 			if (!st.st_size) {
 				fclose(file);
-				return MHD_create_response_from_data
-					(0, NULL, MHD_NO, MHD_NO);
+				return MHD_create_response_from_buffer
+					(0, NULL, 0);
 			}
 
 			return MHD_create_response_from_callback
@@ -245,14 +247,25 @@ static struct MHD_Response *create_response_file(const char *nurl,
 static struct MHD_Response *
 create_response(const char *nurl, const char *method, unsigned int *rp_code)
 {
+	char *page, *fpath, *rpath;
 	struct MHD_Response *resp = NULL;
+	int n;
 
 	if (!strncmp(nurl, URL_BASE_API_1_1, strlen(URL_BASE_API_1_1))) {
 		resp = create_response_api(nurl, method, rp_code);
 	} else {
-		char *fpath = get_path(nurl, server_data.www_dir);
-
-		resp = create_response_file(nurl, method, rp_code, fpath);
+		fpath = get_path(nurl, server_data.www_dir);
+
+		rpath = realpath(fpath, NULL);
+		if (rpath) {
+			n = strlen(server_data.www_dir);
+			if (!strncmp(server_data.www_dir, rpath, n))
+				resp = create_response_file(nurl,
+							    method,
+							    rp_code,
+							    fpath);
+			free(rpath);
+		}
 
 		free(fpath);
 	}
@@ -260,13 +273,12 @@ create_response(const char *nurl, const char *method, unsigned int *rp_code)
 	if (resp)
 		return resp;
 
-	char *page = strdup(PAGE_NOT_FOUND);
+	page = strdup(PAGE_NOT_FOUND);
 	*rp_code = MHD_HTTP_NOT_FOUND;
 
-	return MHD_create_response_from_data(strlen(page),
-					     page,
-					     MHD_YES,
-					     MHD_NO);
+	return MHD_create_response_from_buffer(strlen(page),
+					       page,
+					       MHD_RESPMEM_MUST_FREE);
 }
 
 static int cbk_http_request(void *cls,
@@ -347,7 +359,7 @@ int main(int argc, char *argv[])
 		switch (optc) {
 		case 'w':
 			if (optarg)
-				server_data.www_dir = strdup(optarg);
+				server_data.www_dir = realpath(optarg, NULL);
 			break;
 		case 'p':
 			if (optarg)
@@ -386,8 +398,14 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
-	if (!server_data.www_dir)
-		server_data.www_dir = strdup(DEFAULT_WWW_DIR);
+	if (!server_data.www_dir) {
+		server_data.www_dir = realpath(DEFAULT_WWW_DIR, NULL);
+		if (!server_data.www_dir) {
+			fprintf(stderr,
+				_("Webserver directory does not exist.\n"));
+			exit(EXIT_FAILURE);
+		}
+	}
 
 	if (!log_file)
 		log_file = strdup(DEFAULT_LOG_FILE);