Fix incomplete path traversal check in FileResponse (nwu + nwu2)

src/com/nwu/httpd/responses/FileResponse.java

@@ -104,12 +104,13 @@ public com.nwu.httpd.responses.Response serveFile(String uri,
 					"FORBIDDEN: Invalid path.");
 		}
 
-		// Prohibit getting out of current directory
-		if (relativeUri.startsWith("..") || relativeUri.endsWith("..")
-				|| relativeUri.indexOf("../") >= 0)
-			return new com.nwu.httpd.responses.SimpleResponse(httpd,
-					Codes.HTTP_FORBIDDEN, Codes.MIME_PLAINTEXT,
-					"FORBIDDEN: Won't serve ../ for security reasons.");
+		// Prohibit getting out of current directory
+		if (relativeUri.startsWith("..") || relativeUri.endsWith("..")
+				|| relativeUri.indexOf("../") >= 0
+				|| relativeUri.indexOf(".." + File.separator) >= 0)
+			return new com.nwu.httpd.responses.SimpleResponse(httpd,
+					Codes.HTTP_FORBIDDEN, Codes.MIME_PLAINTEXT,
+					"FORBIDDEN: Won't serve .. paths for security reasons.");
 
 		File f;
 		File baseDir;

src/com/nwu2/httpd/responses/FileResponse.java

@@ -106,10 +106,11 @@ public com.nwu2.httpd.responses.Response serveFile(String uri,
 
 		// Prohibit getting out of current directory
 		if (relativeUri.startsWith("..") || relativeUri.endsWith("..")
-				|| relativeUri.indexOf("../") >= 0)
+				|| relativeUri.indexOf("../") >= 0
+				|| relativeUri.indexOf(".." + File.separator) >= 0)
 			return new com.nwu2.httpd.responses.SimpleResponse(httpd,
 					Codes.HTTP_FORBIDDEN, Codes.MIME_PLAINTEXT,
-					"FORBIDDEN: Won't serve ../ for security reasons.");
+					"FORBIDDEN: Won't serve .. paths for security reasons.");
 
 		File f;
 		File baseDir;
@@ -135,41 +136,6 @@ public com.nwu2.httpd.responses.Response serveFile(String uri,
 					Codes.HTTP_NOTFOUND, Codes.MIME_PLAINTEXT,
 					"Error 404, file not found.");
 
-			// List the directory, if necessary
-			if (f.isDirectory()) {
-				// Browsers get confused without '/' after the
-				// directory, send a redirect.
-				if (!uriForLinks.endsWith("/")) {
-					uriForLinks += "/";
-//				com.nwu2.httpd.responses.Response r = new com.nwu2.httpd.responses.SimpleResponse(
-//						httpd, Codes.HTTP_REDIRECT, Codes.MIME_HTML,
-//						"<html><head><meta http-equiv=\"refresh\" content=\"0; url=" + this.rURI + uri + "\"></head>"+HTML_STYLE+"<body>Redirected: <a href=\"" + this.rURI + uri + "\">"
-//								+ this.rURI + uri + "</a></body></html>");
-//				r.addHeader("Location", this.rURI + uri);
-//				return r;
-				}
-
-				this.rURI = this.rURI.replaceAll("/+", "/");
-				uriForLinks = uriForLinks.replaceAll("/+",  "/");
-
-				// First try index.html and index.htm
-				if (new File(f, "index.html").exists())
-					f = new File(f, "index.html");
-				else if (new File(f, "index.htm").exists())
-					f = new File(f, "index.htm");
-				// No index file, list the directory
-				else if (allowDirectoryListing) {
-					String[] files = f.list();
-					String msg = "<html>"+HTML_STYLE+"<body><h1>Directory /" + uriForLinks + "</h1><br/>";
-
-					if (uriForLinks.length() > 1) {
-						String u = uriForLinks.substring(0, uriForLinks.length() - 1);
-						int slash = u.lastIndexOf('/');
-						if (slash >= 0 && slash < u.length())
-							msg += "<b><a href=\"" + encodeUri(uriForLinks.substring(0, slash + 1))
-									+ "\">..</a></b><br/>";
-					}
-
 					for (int i = 0; i < files.length; ++i) {
 					File curFile = new File(f, files[i]);
 					boolean dir = curFile.isDirectory();