Further harden checking that scan-view isn't serving up pages outside

the server root. llvm-svn: 165839
author: Ted Kremenek <kremenek@apple.com> 2012-10-12 22:56:38 +0000
committer: Ted Kremenek <kremenek@apple.com> 2012-10-12 22:56:38 +0000
commit: 639a17a229479e34ba630b8bd71512ad6922341d (patch)
tree: 71bb40b6bb12424aff224246f1ed7d702c6c858a /clang/tools/scan-view/ScanView.py
parent: d0b977039960c1e7f2a88033c5ac1085ebb6f923 (diff)
download: bcm5719-llvm-639a17a229479e34ba630b8bd71512ad6922341d.tar.gz
bcm5719-llvm-639a17a229479e34ba630b8bd71512ad6922341d.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/clang/tools/scan-view/ScanView.py b/clang/tools/scan-view/ScanView.py
index 3e03f1a6a34..32570b98583 100644
--- a/clang/tools/scan-view/ScanView.py
+++ b/clang/tools/scan-view/ScanView.py
@@ -708,8 +708,8 @@ File Bug</h3>
 
     def send_path(self, path):
         # If the requested path is outside the root directory, do not open it
-        rel = os.path.relpath(path, self.server.root)
-        if rel.startswith(os.pardir + os.sep):
+        rel = os.path.abspath(os.path.join(self.server.root, path))
+        if not rel.startswith(os.path.abspath(self.server.root) ):
           return self.send_404()
         
         ctype = self.guess_type(path)
author	Ted Kremenek <kremenek@apple.com>	2012-10-12 22:56:38 +0000
committer	Ted Kremenek <kremenek@apple.com>	2012-10-12 22:56:38 +0000
commit	639a17a229479e34ba630b8bd71512ad6922341d (patch)
tree	71bb40b6bb12424aff224246f1ed7d702c6c858a /clang/tools/scan-view/ScanView.py
parent	d0b977039960c1e7f2a88033c5ac1085ebb6f923 (diff)
download	bcm5719-llvm-639a17a229479e34ba630b8bd71512ad6922341d.tar.gz bcm5719-llvm-639a17a229479e34ba630b8bd71512ad6922341d.zip