]> granicus.if.org Git - clang/commitdiff
Have scan-view guard against serving up pages outside the root directory.
authorTed Kremenek <kremenek@apple.com>
Fri, 12 Oct 2012 19:16:31 +0000 (19:16 +0000)
committerTed Kremenek <kremenek@apple.com>
Fri, 12 Oct 2012 19:16:31 +0000 (19:16 +0000)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165815 91177308-0d34-0410-b5e6-96231b3b80d8

tools/scan-view/ScanView.py

index c6dddba6a76455bdc165ad328b402a049714d73c..3e03f1a6a347a5b31d38e859d149b5ad1e4027d5 100644 (file)
@@ -707,6 +707,11 @@ File Bug</h3>
         return None
 
     def send_path(self, path):
+        # If the requested path is outside the root directory, do not open it
+        rel = os.path.relpath(path, self.server.root)
+        if rel.startswith(os.pardir + os.sep):
+          return self.send_404()
+        
         ctype = self.guess_type(path)
         if ctype.startswith('text/'):
             # Patch file instead