From 824769dee2e89ef75b0c59e91d5ede5f2c815213 Mon Sep 17 00:00:00 2001 From: DanyLE Date: Sun, 17 Mar 2024 19:02:14 +0100 Subject: [PATCH] feat: AssetController shall denies access to files in folder that has a .DENIED file --- configure.ac | 2 +- silkmvc/BaseController.lua | 15 +++++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 9ca8a16..7608ce5 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ # initialise autoconf and set up some basic information about the program we’re packaging -AC_INIT([silk], [0.1.1], [xsang.le@gmail.com]) +AC_INIT([silk], [0.2.0], [xsang.le@gmail.com]) # We’re going to use automake for this project # [subdir-objects] if needed diff --git a/silkmvc/BaseController.lua b/silkmvc/BaseController.lua index 352a2f4..b703d67 100644 --- a/silkmvc/BaseController.lua +++ b/silkmvc/BaseController.lua @@ -93,8 +93,19 @@ function AssetController:index(...) end function AssetController:get(...) - local path = WWW_ROOT..DIR_SEP..implode({...}, DIR_SEP) - + -- check for access in all parent DIR + local DENIEDF = ".DENIED" + local curr_dir = WWW_ROOT + local args = {...} + for i, v in ipairs(explode(args[1], "/")) do + LOG_DEBUG("Checking acess for %s", curr_dir) + if ulib.exists(curr_dir..DIR_SEP..DENIEDF) then + self:error("Access forbidden: "..curr_dir) + return false + end + curr_dir = curr_dir..DIR_SEP..v + end + local path = WWW_ROOT..DIR_SEP..implode(args, DIR_SEP) if self.registry.fileaccess and ulib.exists(path) then local mime = std.mimeOf(path) if POLICY.mimes[mime] then
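Review bot: The `.DENIED` walk in `AssetController:get` splits only `args[1]`, while the path that is actually served is built from all of `args` by `implode(args, DIR_SEP)`, so if the router ever passes URL segments as separate arguments, a marker in any directory below the first segment is never consulted. Deriving both from one string keeps the check and the served path in step: `local rel = implode(args, DIR_SEP)`, then `for _, v in ipairs(explode(rel, DIR_SEP)) do`, and `local path = WWW_ROOT..DIR_SEP..rel` (this assumes `DIR_SEP` is the separator the request path uses, which the hunk does not show). The message passed to `self:error` also concatenates `curr_dir`, which starts at `WWW_ROOT`; if that text reaches the client it discloses the server's directory layout, so `self:error("Access forbidden")` with the directory kept in the `LOG_DEBUG` line would be safer. The rest of `get` lies outside the hunk.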