Extra bad path

2023-01-23 23:18:03 +00:00 · 2023-01-23 23:18:03 +00:00 · bb9af5b860
parent 0bda305948
commit bb9af5b860
1 changed files with 4 additions and 1 deletions
--- a/daemon.py
+++ b/daemon.py
@ -16702,7 +16702,10 @@ class PubServer(BaseHTTPRequestHandler):
        return False

    def _check_bad_path(self):
-        if '..' in self.path or '%2e%2e' in self.path or '%2E%2E' in self.path:
+        path_lower = self.path.lower()
+        if '..' in path_lower or \
+           '%2e%2e' in path_lower or \
+           '%252e%252e' in path_lower:
            print('WARN: bad path ' + self.path)
            self._400()
            return True