[tor-commits] [flashproxy/master] Check PATH info for a path of /.

dcf at torproject.org dcf at torproject.org
Tue Sep 11 04:08:06 UTC 2012


commit a6cc1d6108a82131473fe295ca785f98eb140388
Author: David Fifield <david at bamsoftware.com>
Date:   Mon Sep 10 21:03:51 2012 -0700

    Check PATH info for a path of /.
---
 facilitator/facilitator.cgi |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/facilitator/facilitator.cgi b/facilitator/facilitator.cgi
index 39566d3..6ccb479 100755
--- a/facilitator/facilitator.cgi
+++ b/facilitator/facilitator.cgi
@@ -2,6 +2,7 @@
 
 import cgi
 import os
+import os.path
 import socket
 import sys
 import urllib
@@ -68,14 +69,19 @@ def get_reg(proxy_addr):
         exit_error(500)
 
 method = os.environ.get("REQUEST_METHOD")
+path_info = os.environ.get("PATH_INFO")
 proxy_addr = (os.environ.get("REMOTE_ADDR"), None)
 
-if not method or not proxy_addr[0]:
+if not method or not path_info or not proxy_addr[0]:
     exit_error(400)
 
+path = os.path.normpath(path_info)
+
 fs = cgi.FieldStorage()
 
 def do_get():
+    if path != "/":
+        exit_error(400)
     try:
         reg = get_reg(proxy_addr) or ""
     except:
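Review bot: The `path != "/"` check in do_get (and the identical one added to do_post in the next hunk) compares against `os.path.normpath(path_info)`, so the accepted set is wider and less regular than "a path of /": `/x/..`, `/./` and `///` all normalize to `/` and pass, while `//` is rejected because POSIX normpath preserves exactly two leading slashes. normpath is a filesystem helper rather than a URL canonicalizer, and the front-end web server may already have rewritten PATH_INFO, so the result depends on the deployment. If only the literal root path should be served, compare the raw value once at module level beside the existing 400 check, `if path_info != "/": exit_error(400)`, instead of repeating the test in each handler. If the leniency is intended, a comment such as `# normpath: tolerate redundant slashes and dot segments in PATH_INFO` would record that. Both handler bodies continue outside the hunks.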
@@ -90,6 +96,8 @@ Access-Control-Allow-Origin: *\r
     sys.stdout.write(urllib.urlencode(reg))
 
 def do_post():
+    if path != "/":
+        exit_error(400)
     client_specs = fs.getlist("client")
     if len(client_specs) != 1:
         exit_error(400)


