diff options
author | Andrey Belov <defan@nginx.com> | 2012-02-13 16:32:21 +0000 |
---|---|---|
committer | Andrey Belov <defan@nginx.com> | 2012-02-13 16:32:21 +0000 |
commit | 8ce8f6667f3f14c004148138c0aec3dff79c350b (patch) | |
tree | 5dae7abaf7499a6e4d5bafe1d6e742d78f53989e /src/http/modules/ngx_http_index_module.c | |
parent | bd1e719bf9c4bc58076e7b52e87be645c9b803f5 (diff) | |
download | nginx-8ce8f6667f3f14c004148138c0aec3dff79c350b.tar.gz nginx-8ce8f6667f3f14c004148138c0aec3dff79c350b.zip |
Support for disable_symlinks in various modules.
Diffstat (limited to 'src/http/modules/ngx_http_index_module.c')
-rw-r--r-- | src/http/modules/ngx_http_index_module.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/http/modules/ngx_http_index_module.c b/src/http/modules/ngx_http_index_module.c index 0835a7cf8..7d99c18e5 100644 --- a/src/http/modules/ngx_http_index_module.c +++ b/src/http/modules/ngx_http_index_module.c @@ -209,6 +209,9 @@ ngx_http_index_handler(ngx_http_request_t *r) of.test_only = 1; of.errors = clcf->open_file_cache_errors; of.events = clcf->open_file_cache_events; +#if (NGX_HAVE_OPENAT) + of.disable_symlinks = clcf->disable_symlinks; +#endif if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool) != NGX_OK) @@ -220,6 +223,14 @@ ngx_http_index_handler(ngx_http_request_t *r) return NGX_HTTP_INTERNAL_SERVER_ERROR; } +#if (NGX_HAVE_OPENAT) + if (of.err == NGX_EMLINK + || of.err == NGX_ELOOP) + { + return NGX_HTTP_FORBIDDEN; + } +#endif + if (of.err == NGX_ENOTDIR || of.err == NGX_ENAMETOOLONG || of.err == NGX_EACCES) @@ -296,12 +307,23 @@ ngx_http_index_test_dir(ngx_http_request_t *r, ngx_http_core_loc_conf_t *clcf, of.test_only = 1; of.valid = clcf->open_file_cache_valid; of.errors = clcf->open_file_cache_errors; +#if (NGX_HAVE_OPENAT) + of.disable_symlinks = clcf->disable_symlinks; +#endif if (ngx_open_cached_file(clcf->open_file_cache, &dir, &of, r->pool) != NGX_OK) { if (of.err) { +#if (NGX_HAVE_OPENAT) + if (of.err == NGX_EMLINK + || of.err == NGX_ELOOP) + { + return NGX_HTTP_FORBIDDEN; + } +#endif + if (of.err == NGX_ENOENT) { *last = c; return ngx_http_index_error(r, clcf, dir.data, NGX_ENOENT); |