DevWiki/websocket-sharp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Modify] Add some checks for the path

Browse Source
This commit is contained in:
sta 2017-06-16 16:34:47 +09:00
parent 5e28b6db29
commit be58cb2ff3
1 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
websocket-sharp/Server/HttpServer.cs
View File

@ -1338,7 +1338,15 @@ namespace WebSocketSharp.Server
/// <paramref name="path"/> is <see langword="null"/>. /// <paramref name="path"/> is <see langword="null"/>.
/// </exception> /// </exception>
/// <exception cref="ArgumentException"> /// <exception cref="ArgumentException">
/// <paramref name="path"/> is an empty string. /// <para>
/// <paramref name="path"/> is an empty string.
/// </para>
/// <para>
/// -or-
/// </para>
/// <para>
/// <paramref name="path"/> is an invalid path.
/// </para>
/// </exception> /// </exception>
public byte[] GetFile (string path) public byte[] GetFile (string path)
{ {
@ -1348,6 +1356,18 @@ namespace WebSocketSharp.Server
if (path.Length == 0) if (path.Length == 0)
throw new ArgumentException ("An empty string.", "path"); throw new ArgumentException ("An empty string.", "path");
if (path.IndexOf (':') > -1)
throw new ArgumentException ("It contains ':'.", "path");
if (path.IndexOf ("..") > -1)
throw new ArgumentException ("It contains '..'.", "path");
if (path.IndexOf ("//") > -1)
throw new ArgumentException ("It contains '//'.", "path");
if (path.IndexOf ("\\\\") > -1)
throw new ArgumentException ("It contains '\\\\'.", "path");
path = createFilePath (path); path = createFilePath (path);
return File.Exists (path) ? File.ReadAllBytes (path) : null; return File.Exists (path) ? File.ReadAllBytes (path) : null;
} }