From fed641620835f0c5f9518a853b1e6ce9459b88f5 Mon Sep 17 00:00:00 2001
From: "Rob Swindell (on Windows 11)" <rob@synchro.net>
Date: Sat, 30 Nov 2024 16:25:27 -0800
Subject: [PATCH] Add web server NO_FILEBASE option to disable filebase access
 via web

You can also disable filebase access by setting the vpath prefix to blank.
---
 src/sbbs3/websrvr.c | 3 ++-
 src/sbbs3/websrvr.h | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/sbbs3/websrvr.c b/src/sbbs3/websrvr.c
index 8b0e3a110c..e3c33baae4 100644
--- a/src/sbbs3/websrvr.c
+++ b/src/sbbs3/websrvr.c
@@ -3279,7 +3279,8 @@ static enum get_fullpath get_fullpath(http_session_t * session)
 	} else
 		safe_snprintf(str,sizeof(str),"%s%s",root_dir,session->req.physical_path);
 
-	if(startup->file_vpath_prefix[0] && (vhost == false || startup->file_vpath_for_vhosts == true)
+	if(!(startup->options & WEB_OPT_NO_FILEBASE)
+		&& startup->file_vpath_prefix[0] && (vhost == false || startup->file_vpath_for_vhosts == true)
 		&& strncmp(session->req.physical_path, startup->file_vpath_prefix, strlen(startup->file_vpath_prefix)) == 0) {
 		session->parsed_vpath = resolve_vpath(session, session->req.physical_path);
 		switch(session->parsed_vpath) {
diff --git a/src/sbbs3/websrvr.h b/src/sbbs3/websrvr.h
index 4073c0607b..d2554262a2 100644
--- a/src/sbbs3/websrvr.h
+++ b/src/sbbs3/websrvr.h
@@ -88,6 +88,7 @@ static struct init_field web_init_fields[] = {
 #define WEB_OPT_ALLOW_TLS			(1<<7)	/* Enable HTTPS support				*/
 #define WEB_OPT_HSTS_SAFE			(1<<8)	/* All URLs can be served over HTTPS*/
 #define WEB_OPT_NO_HTTP				(1<<9)	/* Disable HTTP support				*/
+#define WEB_OPT_NO_FILEBASE			(1<<10)	/* Disable FileBase support			*/
 
 /* web_startup_t.options bits that require re-init/recycle when changed */
 #define WEB_INIT_OPTS	(WEB_OPT_HTTP_LOGGING)
@@ -104,6 +105,7 @@ static ini_bitdesc_t web_options[] = {
 	{ WEB_OPT_HTTP_LOGGING			,"HTTP_LOGGING"			},
 	{ WEB_OPT_ALLOW_TLS				,"ALLOW_TLS"			},
 	{ WEB_OPT_HSTS_SAFE				,"HSTS_SAFE"			},
+	{ WEB_OPT_NO_FILEBASE			,"NO_FILEBASE"			},
 
 	/* shared bits */
 	{ BBS_OPT_NO_HOST_LOOKUP		,"NO_HOST_LOOKUP"		},
-- 
GitLab