diff options
| author | Liam Mitchell <[email protected]> | 2026-01-29 17:49:10 -0800 |
|---|---|---|
| committer | Liam Mitchell <[email protected]> | 2026-01-29 17:49:10 -0800 |
| commit | 6e23c75a81d1ab9a6555c013216f860b24dad125 (patch) | |
| tree | 73f511f3a52169c3a34b4a4f17e51eeb1d205a43 /src/zenserver/storage/projectstore/httpprojectstore.cpp | |
| parent | Revert to previous behaviour for path checking in the presence of an empty pr... (diff) | |
| download | zen-6e23c75a81d1ab9a6555c013216f860b24dad125.tar.xz zen-6e23c75a81d1ab9a6555c013216f860b24dad125.zip | |
Disallow external file reads from project with unset project roots
Diffstat (limited to 'src/zenserver/storage/projectstore/httpprojectstore.cpp')
| -rw-r--r-- | src/zenserver/storage/projectstore/httpprojectstore.cpp | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/src/zenserver/storage/projectstore/httpprojectstore.cpp b/src/zenserver/storage/projectstore/httpprojectstore.cpp index 10207a388..86b4d7100 100644 --- a/src/zenserver/storage/projectstore/httpprojectstore.cpp +++ b/src/zenserver/storage/projectstore/httpprojectstore.cpp @@ -2900,14 +2900,17 @@ HttpProjectService::HandleRpcRequest(HttpRouterRequest& Req) if (DataHash == IoHash::Zero) { - std::string_view ServerPath = View["serverpath"sv].AsString(); - std::error_code Ec; - std::filesystem::path FilePath = Project->RootDir / ServerPath; - if (!CanonicalRoot.empty()) + std::string_view ServerPath = View["serverpath"sv].AsString(); + if (CanonicalRoot.empty()) { - FilePath = std::filesystem::canonical(FilePath, Ec); + ZEN_WARN("Attempting to load file '{}' from project with unset project root", ServerPath); + AllOk = false; + continue; } + std::error_code Ec; + const std::filesystem::path FilePath = std::filesystem::canonical(Project->RootDir / ServerPath, Ec); + if (Ec) { ZEN_WARN("Failed to find file '{}' in project root '{}' for 'snapshot'. Reason: '{}'", |