Diffstat (limited to 'src/zenserver/frontend/frontend.cpp')
-rw-r--r--src/zenserver/frontend/frontend.cpp36
1 files changed, 17 insertions, 19 deletions
diff --git a/src/zenserver/frontend/frontend.cpp b/src/zenserver/frontend/frontend.cpp
index 812536074..c7c2b0023 100644
--- a/src/zenserver/frontend/frontend.cpp
+++ b/src/zenserver/frontend/frontend.cpp
@@ -143,12 +143,6 @@ HttpFrontendService::HandleRequest(zen::HttpServerRequest& Request)
Uri = UriBuilder;
}
- // Dismiss if the URI contains .. anywhere to prevent arbitrary file reads
- if (Uri.find("..") != Uri.npos)
- {
- return Request.WriteResponse(HttpResponseCode::Forbidden);
- }
-
// Map the file extension to a MIME type. To keep things constrained, only a
// small subset of file extensions is allowed
@@ -184,28 +178,32 @@ HttpFrontendService::HandleRequest(zen::HttpServerRequest& Request)
constexpr std::string_view DataPrefix = "data/";
if (!m_DocsDirectory.empty() && InUri.starts_with(DataPrefix))
{
- std::string_view DocsRelative = InUri.substr(DataPrefix.size());
- auto FullPath = m_DocsDirectory / std::filesystem::path(DocsRelative).make_preferred();
- FileContents File = ReadFile(FullPath);
-
- if (!File.ErrorCode)
+ const std::string_view DocsRelative = InUri.substr(DataPrefix.size());
+ if (std::optional<std::filesystem::path> FullPath = ResolveSafeRelativePath(m_DocsDirectory, DocsRelative))
{
- Request.WriteResponse(ResponseCode, ContentType, File.Data[0]);
- return true;
+ FileContents File = ReadFile(*FullPath);
+
+ if (!File.ErrorCode)
+ {
+ Request.WriteResponse(ResponseCode, ContentType, File.Data[0]);
+ return true;
+ }
}
}
// The given content directory overrides any zip-fs discovered in the binary
if (!m_Directory.empty())
{
- auto FullPath = m_Directory / std::filesystem::path(InUri).make_preferred();
- FileContents File = ReadFile(FullPath);
-
- if (!File.ErrorCode)
+ if (std::optional<std::filesystem::path> FullPath = ResolveSafeRelativePath(m_Directory, InUri))
{
- Request.WriteResponse(ResponseCode, ContentType, File.Data[0]);
+ FileContents File = ReadFile(*FullPath);
- return true;
+ if (!File.ErrorCode)
+ {
+ Request.WriteResponse(ResponseCode, ContentType, File.Data[0]);
+
+ return true;
+ }
}
}
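Review bot: When `ResolveSafeRelativePath` returns an empty optional, both new `if` blocks simply fall through, so a request the resolver rejects is passed on to the next content source instead of being refused. Combined with the removal of the blanket `..` check in the first hunk, whatever lookup follows the `m_Directory` branch (outside this hunk, presumably the zip-fs one) now sees URIs containing `..` that used to get `HttpResponseCode::Forbidden`. Either confirm that lookup treats the URI as an opaque key, or reject at the point of failure, and record the decision with a comment such as `// nullopt: path escapes the base directory; deliberately falls through to the next source`. `ResolveSafeRelativePath` is not visible here, so it is also worth checking that it rejects absolute inputs (an absolute right-hand side of `operator/` replaces the base) and whether its containment check is purely lexical or resolves symlinks. The enclosing function starts and ends outside the hunk.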