aboutsummaryrefslogtreecommitdiff
path: root/src/zenserver/storage/projectstore/httpprojectstore.cpp
diff options
context:
space:
mode:
authorLiam Mitchell <[email protected]>2026-01-29 17:49:10 -0800
committerLiam Mitchell <[email protected]>2026-01-29 17:49:10 -0800
commit6e23c75a81d1ab9a6555c013216f860b24dad125 (patch)
tree73f511f3a52169c3a34b4a4f17e51eeb1d205a43 /src/zenserver/storage/projectstore/httpprojectstore.cpp
parentRevert to previous behaviour for path checking in the presence of an empty pr... (diff)
downloadzen-6e23c75a81d1ab9a6555c013216f860b24dad125.tar.xz
zen-6e23c75a81d1ab9a6555c013216f860b24dad125.zip
Disallow external file reads from project with unset project roots
Diffstat (limited to 'src/zenserver/storage/projectstore/httpprojectstore.cpp')
-rw-r--r--src/zenserver/storage/projectstore/httpprojectstore.cpp13
1 files changed, 8 insertions, 5 deletions
diff --git a/src/zenserver/storage/projectstore/httpprojectstore.cpp b/src/zenserver/storage/projectstore/httpprojectstore.cpp
index 10207a388..86b4d7100 100644
--- a/src/zenserver/storage/projectstore/httpprojectstore.cpp
+++ b/src/zenserver/storage/projectstore/httpprojectstore.cpp
@@ -2900,14 +2900,17 @@ HttpProjectService::HandleRpcRequest(HttpRouterRequest& Req)
if (DataHash == IoHash::Zero)
{
- std::string_view ServerPath = View["serverpath"sv].AsString();
- std::error_code Ec;
- std::filesystem::path FilePath = Project->RootDir / ServerPath;
- if (!CanonicalRoot.empty())
+ std::string_view ServerPath = View["serverpath"sv].AsString();
+ if (CanonicalRoot.empty())
{
- FilePath = std::filesystem::canonical(FilePath, Ec);
+ ZEN_WARN("Attempting to load file '{}' from project with unset project root", ServerPath);
+ AllOk = false;
+ continue;
}
+ std::error_code Ec;
+ const std::filesystem::path FilePath = std::filesystem::canonical(Project->RootDir / ServerPath, Ec);
+
if (Ec)
{
ZEN_WARN("Failed to find file '{}' in project root '{}' for 'snapshot'. Reason: '{}'",