• Rob Swindell's avatar
    Don't allow colons in web-requested path names on Windows · a487e0c6
    Rob Swindell authored
    This fixes issue #269 (NTFS Alternate Data Stream vulnerability) and other
    potential pathname issues on Windows involving colons.
    
    There are other illegal filename characters on Windows (e.g. <>|"?*), but
    filenames with these characters aren't expected to pass the later stat() test,
    so should fail with a 404 error.
    a487e0c6
websrvr.c 202 KB