From bd77abe0f81f196006dbd46d7be61e7cc36911be Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Sun, 5 Mar 2017 15:39:45 -0500
Subject: [config] more specific checks for array lists

More specific checks on contents of array lists.  Each module using
lists now does better checking on the types of values in the list
(strings, integers, arrays/lists)

This helps prevent misconfiguration of things like cgi.assign,
fastcgi.server, and scgi.server, where source code might be
served as static files if parenthesis are misplaced.

x-ref:
  https://redmine.lighttpd.net/boards/2/topics/6571
---
 src/mod_staticfile.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/mod_staticfile.c')

diff --git a/src/mod_staticfile.c b/src/mod_staticfile.c
index 66b75c26..e4fb52a1 100644
--- a/src/mod_staticfile.c
+++ b/src/mod_staticfile.c
@@ -110,6 +110,12 @@ SETDEFAULTS_FUNC(mod_staticfile_set_defaults) {
 		if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) {
 			return HANDLER_ERROR;
 		}
+
+		if (!array_is_vlist(s->exclude_ext)) {
+			log_error_write(srv, __FILE__, __LINE__, "s",
+					"unexpected value for static-file.exclude-extensions; expected list of \"ext\"");
+			return HANDLER_ERROR;
+		}
 	}
 
 	return HANDLER_GO_ON;
-- 
cgit v1.2.1