Fix #1768

yhirose · yhirose · commit 762024b890c5 · 2024-02-02T23:17:32.000-05:00
diff --git a/httplib.h b/httplib.h
@@ -2418,6 +2418,7 @@ inline bool is_valid_path(const std::string &path) {
     auto beg = i;
     while (i < path.size() && path[i] != '/') {
       if (path[i] == '\0') { return false; }
+      else if (path[i] == '\\') { return false; }
       i++;
     }
 
diff --git a/test/test.cc b/test/test.cc
@@ -2509,6 +2509,12 @@ TEST_F(ServerTest, GetMethodOutOfBaseDirMount2) {
   EXPECT_EQ(StatusCode::NotFound_404, res->status);
 }
 
+TEST_F(ServerTest, GetMethodOutOfBaseDirMountWithBackslash) {
+  auto res = cli_.Get("/mount/%2e%2e%5c/www2/dir/test.html");
+  ASSERT_TRUE(res);
+  EXPECT_EQ(StatusCode::NotFound_404, res->status);
+}
+
 TEST_F(ServerTest, PostMethod303) {
   auto res = cli_.Post("/1", "body", "text/plain");
   ASSERT_TRUE(res);

Original file line number	Diff line number	Diff line change
`@@ -2418,6 +2418,7 @@ inline bool is_valid_path(const std::string &path) {`
`2418`	`2418`	`auto beg = i;`
`2419`	`2419`	`while (i < path.size() && path[i] != '/') {`
`2420`	`2420`	`if (path[i] == '\0') { return false; }`
	`2421`	`+ else if (path[i] == '\\') { return false; }`
`2421`	`2422`	`i++;`
`2422`	`2423`	`}`
`2423`	`2424`