Commit 6623cff0 authored by Deucе

Always return 403 to requests for access.ars or webctrl.ini

Previously, 403 was only returned if they existed, and 404 if they
didn't.
parent 22c6721d
Pipeline #1349 passed with stage
in 16 minutes and 39 seconds
......@@ -3602,14 +3602,16 @@ static BOOL check_request(http_session_t * session)
/* Terminate the path after the slash */
*(last_slash+1)=0;
SAFEPRINTF(str,"%saccess.ars",curdir);
if(!stat(str,&sb)) {
/* NEVER serve up an access.ars file */
lprintf(LOG_WARNING,"%04d !WARNING! access.ars support is deprecated and will be REMOVED very soon.",session->socket);
lprintf(LOG_WARNING,"%04d !WARNING! access.ars found at %s.",session->socket,str);
if(!strcmp(path,str)) {
send_error(session,__LINE__,"403 Forbidden");
return(FALSE);
/* NEVER serve up an access.ars file */
if(!strcmp(path,str)) {
if(!stat(str,&sb)) {
lprintf(LOG_WARNING,"%04d !WARNING! access.ars support is deprecated and will be REMOVED very soon.",session->socket);
lprintf(LOG_WARNING,"%04d !WARNING! access.ars found at %s.",session->socket,str);
}
send_error(session,__LINE__,"403 Forbidden");
return(FALSE);
}
if(!stat(str,&sb)) {
/* Read access.ars file */
if((file=fopen(str,"r"))!=NULL) {
fgets(session->req.ars,sizeof(session->req.ars),file);
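Review bot: The two deprecation `lprintf(LOG_WARNING,...)` calls now sit inside the new `if(!strcmp(path,str))` branch, so they are logged only when a client requests access.ars itself. Before this change they fired whenever `stat(str,&sb)` found the file; now the following `if(!stat(str,&sb))` block reads access.ars into `session->req.ars` with no warning at all, so a sysop who still relies on the file sees the deprecation notice only if someone happens to request it directly. If the notice is aimed at sysops, move it into the block that reads the file, and log the refused request on its own line in the `strcmp` branch. Separately, the return value of `fgets()` in the unchanged context line is not checked.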
......@@ -3624,12 +3626,12 @@ static BOOL check_request(http_session_t * session)
truncsp(session->req.ars);
}
SAFEPRINTF(str,"%swebctrl.ini",curdir);
/* NEVER serve up a webctrl.ini file */
if(!strcmp(path,str)) {
send_error(session,__LINE__,"403 Forbidden");
return(FALSE);
}
if(!stat(str,&sb)) {
/* NEVER serve up a webctrl.ini file */
if(!strcmp(path,str)) {
send_error(session,__LINE__,"403 Forbidden");
return(FALSE);
}
/* Read webctrl.ini file */
if((file=fopen(str,"r"))!=NULL) {
/* FREE()d in this block */
......
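Review bot: The hoisted webctrl.ini check is now a second copy of the same `strcmp` / `send_error(session,__LINE__,"403 Forbidden")` / `return(FALSE)` sequence used for access.ars a few lines up, and the two have already drifted: the access.ars branch logs when the file exists, this one logs nothing. Consider a single check over a short list of refused file names, done once before either `stat()` call, so both names get identical handling and a future protected file is a one-line addition. A short comment stating that the deny is deliberately independent of whether the file exists would also keep a later cleanup from folding it back into the `if(!stat(str,&sb))` block.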