X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=networking%2Fhttpd_indexcgi.c;h=562cd7fbef495b0102763bf032cb5134833937b4;hb=3f21044f20ef304309651bbdef8b275475f03a28;hp=9fa7c74812b743adb474ebfd027fbb91ff6ca9ba;hpb=dc698bb038756a926aaa529bda1b939eab2c1676;p=oweals%2Fbusybox.git

diff --git a/networking/httpd_indexcgi.c b/networking/httpd_indexcgi.c
index 9fa7c7481..562cd7fbe 100644
--- a/networking/httpd_indexcgi.c
+++ b/networking/httpd_indexcgi.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (c) 2007 Denys Vlasenko <vda.linux@googlemail.com>
  *
- * Licensed under GPLv2, see file LICENSE in this tarball for details.
+ * Licensed under GPLv2, see file LICENSE in this source tree.
  */
 
 /*
@@ -35,6 +35,7 @@ httpd_indexcgi.c -o index.cgi
  *   2576       4    2048    4628    1214 index.cgi.o
  */
 
+#define _GNU_SOURCE 1  /* for strchrnul */
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <errno.h>
@@ -221,20 +222,25 @@ int main(int argc, char *argv[])
 	unsigned long long size_total;
 	int odd;
 	DIR *dirp;
-	char *QUERY_STRING;
-
-	QUERY_STRING = getenv("QUERY_STRING");
-	if (!QUERY_STRING
-	 || QUERY_STRING[0] != '/'
-	 || strstr(QUERY_STRING, "//")
-	 || strstr(QUERY_STRING, "/../")
-	 || strcmp(strrchr(QUERY_STRING, '/'), "/..") == 0
+	char *location;
+
+	location = getenv("REQUEST_URI");
+	if (!location)
+		return 1;
+
+	/* drop URL arguments if any */
+	strchrnul(location, '?')[0] = '\0';
+
+	if (location[0] != '/'
+	 || strstr(location, "//")
+	 || strstr(location, "/../")
+	 || strcmp(strrchr(location, '/'), "/..") == 0
 	) {
 		return 1;
 	}
 
 	if (chdir("..")
-	 || (QUERY_STRING[1] && chdir(QUERY_STRING + 1))
+	 || (location[1] && chdir(location + 1))
 	) {
 		return 1;
 	}
@@ -271,14 +277,14 @@ int main(int argc, char *argv[])
 		"\r\n" /* Mandatory empty line after headers */
 		"<html><head><title>Index of ");
 	/* Guard against directories with &, > etc */
-	fmt_html(QUERY_STRING);
+	fmt_html(location);
 	fmt_str(
 		"</title>\n"
 		STYLE_STR
 		"</head>" "\n"
 		"<body>" "\n"
 		"<h1>Index of ");
-	fmt_html(QUERY_STRING);
+	fmt_html(location);
 	fmt_str(
 		"</h1>" "\n"
 		"<table>" "\n"
@@ -315,7 +321,7 @@ int main(int argc, char *argv[])
 		if (S_ISREG(cdir->dl_mode))
 			fmt_ull(cdir->dl_size);
 		fmt_str("<td class=dt>");
-		tm = gmtime(&cdir->dl_mtime);
+		ptm = gmtime(&cdir->dl_mtime);
 		fmt_04u(1900 + ptm->tm_year); *dst++ = '-';
 		fmt_02u(ptm->tm_mon + 1); *dst++ = '-';
 		fmt_02u(ptm->tm_mday); *dst++ = ' ';