diff options
author | Glenn Strauss <gstrauss@gluelogic.com> | 2017-03-05 15:39:45 -0500 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2017-03-08 11:42:59 -0500 |
commit | bd77abe0f81f196006dbd46d7be61e7cc36911be (patch) | |
tree | 8f3b4ca98ee0a1a5d5a17aea96bdfe536bd8839c /src/mod_staticfile.c | |
parent | 970f337c29e74b3e5f076cee105abc9739a9bd72 (diff) | |
download | lighttpd-git-bd77abe0f81f196006dbd46d7be61e7cc36911be.tar.gz |
[config] more specific checks for array lists
More specific checks on contents of array lists. Each module using
lists now does better checking on the types of values in the list
(strings, integers, arrays/lists)
This helps prevent misconfiguration of things like cgi.assign,
fastcgi.server, and scgi.server, where source code might be
served as static files if parenthesis are misplaced.
x-ref:
https://redmine.lighttpd.net/boards/2/topics/6571
Diffstat (limited to 'src/mod_staticfile.c')
-rw-r--r-- | src/mod_staticfile.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/mod_staticfile.c b/src/mod_staticfile.c index 66b75c26..e4fb52a1 100644 --- a/src/mod_staticfile.c +++ b/src/mod_staticfile.c @@ -110,6 +110,12 @@ SETDEFAULTS_FUNC(mod_staticfile_set_defaults) { if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) { return HANDLER_ERROR; } + + if (!array_is_vlist(s->exclude_ext)) { + log_error_write(srv, __FILE__, __LINE__, "s", + "unexpected value for static-file.exclude-extensions; expected list of \"ext\""); + return HANDLER_ERROR; + } } return HANDLER_GO_ON; |