diff --git a/collects/tests/web-server/dispatchers/filesystem-map-test.rkt b/collects/tests/web-server/dispatchers/filesystem-map-test.rkt index f3ed284718..d948241563 100644 --- a/collects/tests/web-server/dispatchers/filesystem-map-test.rkt +++ b/collects/tests/web-server/dispatchers/filesystem-map-test.rkt @@ -1,6 +1,7 @@ #lang racket/base (require rackunit net/url + racket/list web-server/private/util racket/runtime-path web-server/dispatchers/filesystem-map) @@ -18,23 +19,23 @@ (define test-filter-map (filter-url->path #rx"\\.(ss|scm|rkt)$" test-map)) (define test-filter-valid-map (filter-url->path #rx"\\.(ss|scm|rkt)$" test-valid-map)) -(define (test-url->path +(define (test-url->path url->path file - #:url-string + #:url-string [url-string (format "http://test.com/~a" (path->string file))] #:expected [expected file]) (define vs (call-with-values - (lambda () (url->path (string->url url-string))) - (lambda vs vs))) + (lambda () (url->path (string->url url-string))) + (lambda vs vs))) (check-equal? vs (list (build-path base-dir expected) (explode-path* expected)))) (define filesystem-map-tests (test-suite "Filesystem Map" - + (test-suite "url->path" (test-case "Simple case" @@ -44,9 +45,12 @@ #:url-string "http://test.com/dispatchers/filesystem-map.rkt;foo")) (test-case "Strips out bad '..'s" (check-exn exn:fail? (λ () (test-map (string->url "http://test.com/../../dispatchers/filesystem-map.rkt"))))) + (test-case "Handles // okay" + (check-equal? (second (call-with-values (λ () (test-map (string->url "http://test.com//dispatchers/filesystem-map.rkt"))) list)) + (list 'same (build-path "dispatchers") (build-path "filesystem-map.rkt")))) (test-case "Leaves in good '..'s" (test-url->path test-map (build-path "dispatchers/../dispatchers/filesystem-map.rkt")))) - + (test-suite "url->valid-path" (test-suite @@ -57,14 +61,14 @@ (test-url->path test-valid-map (build-path "dispatchers/filesystem-map.rkt") #:url-string "http://test.com/dispatchers/filesystem-map.rkt;foo")) (test-case "Strips out bad '..'s" - (check-exn exn:fail? (λ () (test-valid-map (string->url "http://test.com/../../dispatchers/filesystem-map.rkt"))))) + (check-exn exn:fail? (λ () (test-valid-map (string->url "http://test.com/../../dispatchers/filesystem-map.rkt"))))) (test-case "Leaves in good '..'s" (test-url->path test-valid-map (build-path "dispatchers/../dispatchers/filesystem-map.rkt")))) (test-case "Finds valid path underneath" (test-url->path test-valid-map (build-path "dispatchers/filesystem-map.rkt/not-a-file") #:expected (build-path "dispatchers/filesystem-map.rkt")))) - - + + (test-suite "filter-url->path" (test-case "Allows right suffix" @@ -84,4 +88,3 @@ (test-case "Allows content after w/ valid" (test-url->path test-filter-valid-map (build-path "dispatchers/filesystem-map.rkt/extra/info") #:expected (build-path "dispatchers/filesystem-map.rkt")))))) - diff --git a/collects/web-server/dispatchers/filesystem-map.rkt b/collects/web-server/dispatchers/filesystem-map.rkt index f016053e8f..4588610cbd 100644 --- a/collects/web-server/dispatchers/filesystem-map.rkt +++ b/collects/web-server/dispatchers/filesystem-map.rkt @@ -71,8 +71,11 @@ (define ((make-url->path base) u) (define nbase (path->complete-path base)) (define path-from-url - (map path/param-path - (url-path u))) + (for/list ([p/p (in-list (url-path u))]) + (match (path/param-path p/p) + ["" 'same] + [".." 'up] + [x x]))) (unless (restrict path-from-url) (error 'url->path "Illegal path: ~e outside base: ~e" path-from-url