From be58cb2ff3566226e2dbd102a826bda8abeeeb8e Mon Sep 17 00:00:00 2001
From: sta
Date: Fri, 16 Jun 2017 16:34:47 +0900
Subject: [PATCH] [Modify] Add some checks for the path
---
 websocket-sharp/Server/HttpServer.cs | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/websocket-sharp/Server/HttpServer.cs b/websocket-sharp/Server/HttpServer.cs
index 66c5561b..37dff42c 100644
--- a/websocket-sharp/Server/HttpServer.cs
+++ b/websocket-sharp/Server/HttpServer.cs
@@ -1338,7 +1338,15 @@ namespace WebSocketSharp.Server
 /// is .
 ///
 ///
- /// is an empty string.
+ ///
+ /// is an empty string.
+ ///
+ ///
+ /// -or-
+ ///
+ ///
+ /// is an invalid path.
+ ///
 ///
 public byte[] GetFile (string path)
 {
@@ -1348,6 +1356,18 @@ namespace WebSocketSharp.Server
 if (path.Length == 0)
 throw new ArgumentException ("An empty string.", "path");
 
+ if (path.IndexOf (':') > -1)
+ throw new ArgumentException ("It contains ':'.", "path");
+
+ if (path.IndexOf ("..") > -1)
+ throw new ArgumentException ("It contains '..'.", "path");
+
+ if (path.IndexOf ("//") > -1)
+ throw new ArgumentException ("It contains '//'.", "path");
+
+ if (path.IndexOf ("\\\\") > -1)
+ throw new ArgumentException ("It contains '\\\\'.", "path");
+
 path = createFilePath (path);
 return File.Exists (path) ? File.ReadAllBytes (path) : null;
 }
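Review bot: The four `IndexOf` checks added before `createFilePath (path)` are a substring denylist on the raw string, which is a fragile way to keep the lookup inside the document root: it does not cover mixed separators or any decoding and normalization done by the caller or by `createFilePath` (neither is visible here), and it also rejects harmless names such as `a..b.txt`. A containment check is more robust: resolve the combined path with `Path.GetFullPath` and throw unless the result starts with the resolved root directory followed by a directory separator. If the denylist stays, the string overloads should be ordinal, e.g. `path.IndexOf ("..", StringComparison.Ordinal) > -1`, because `IndexOf (string)` is culture-sensitive. The start of GetFile's body lies outside this hunk.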