mirror/mongoose
1
0
Fork 0
mirror of https://github.com/cesanta/mongoose.git synced 2025-06-12 12:42:50 +08:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

Disallow WebDAV MKCOL/PUT/DELETE requests to protected files (like .htpasswd)

Browse Source
This commit is contained in:
Alex Skalozub 2014-06-28 23:14:21 +04:00
parent 0d9fe39dbb
commit b0cf8304cb
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mongoose.c
View File

@ -4268,6 +4268,8 @@ static void open_local_endpoint(struct connection *conn, int skip_user) {
#ifndef MONGOOSE_NO_DAV #ifndef MONGOOSE_NO_DAV
} else if (!strcmp(conn->mg_conn.request_method, "PROPFIND")) { } else if (!strcmp(conn->mg_conn.request_method, "PROPFIND")) {
handle_propfind(conn, path, &st, exists); handle_propfind(conn, path, &st, exists);
} else if (must_hide_file(conn, path)) {
send_http_error(conn, 404, NULL);
} else if (!strcmp(conn->mg_conn.request_method, "MKCOL")) { } else if (!strcmp(conn->mg_conn.request_method, "MKCOL")) {
handle_mkcol(conn, path); handle_mkcol(conn, path);
} else if (!strcmp(conn->mg_conn.request_method, "DELETE")) { } else if (!strcmp(conn->mg_conn.request_method, "DELETE")) {