diff options
author | elonen <elonen@iki.fi> | 2015-05-16 23:51:32 +0300 |
---|---|---|
committer | elonen <elonen@iki.fi> | 2015-05-16 23:51:32 +0300 |
commit | f5ba92b795f457704f29b022c2859523e1b95d23 (patch) | |
tree | 72eb1554d362fdbdce2eb80d47479563bab54e62 /webserver | |
parent | ed47140e7b3e560981985d3ede1676564cb4111e (diff) | |
download | nanohttpd-f5ba92b795f457704f29b022c2859523e1b95d23.tar.gz |
Removed non-generic hard-coded path test
The uri.startsWith("src/main") || uri.endsWith("src/main") test is not useful in general cases, but potentially a bug.
Diffstat (limited to 'webserver')
-rw-r--r-- | webserver/src/main/java/fi/iki/elonen/SimpleWebServer.java | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/webserver/src/main/java/fi/iki/elonen/SimpleWebServer.java b/webserver/src/main/java/fi/iki/elonen/SimpleWebServer.java index a2396e8..8cae9a3 100644 --- a/webserver/src/main/java/fi/iki/elonen/SimpleWebServer.java +++ b/webserver/src/main/java/fi/iki/elonen/SimpleWebServer.java @@ -398,7 +398,7 @@ public class SimpleWebServer extends NanoHTTPD { } // Prohibit getting out of current directory - if (uri.startsWith("src/main") || uri.endsWith("src/main") || uri.contains("../")) { + if (uri.contains("../")) { return getForbiddenResponse("Won't serve ../ for security reasons."); } |