Further harden checking that scan-view isn't serving up pages outside the server root. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165839 91177308-0d34-0410-b5e6-96231b3b80d8

commit: 7642b9a55e853c27531e078da34ca95148182c3d [log] [tgz]
author: Ted Kremenek <kremenek@apple.com> Fri Oct 12 22:56:38 2012 +0000
committer: Ted Kremenek <kremenek@apple.com> Fri Oct 12 22:56:38 2012 +0000
tree: 263bfe6888c5b5233a0b05429d0c24157d2464e2
parent: 441ee1dfa5ff8d904ad07dc3b7837c44d9f173eb [diff]
diff --git a/tools/scan-view/ScanView.py b/tools/scan-view/ScanView.py
index 3e03f1a..32570b9 100644
--- a/tools/scan-view/ScanView.py
+++ b/tools/scan-view/ScanView.py

@@ -708,8 +708,8 @@
 
     def send_path(self, path):
         # If the requested path is outside the root directory, do not open it
-        rel = os.path.relpath(path, self.server.root)
-        if rel.startswith(os.pardir + os.sep):
+        rel = os.path.abspath(os.path.join(self.server.root, path))
+        if not rel.startswith(os.path.abspath(self.server.root) ):
           return self.send_404()
         
         ctype = self.guess_type(path)
commit	7642b9a55e853c27531e078da34ca95148182c3d	[log] [tgz]
author	Ted Kremenek <kremenek@apple.com>	Fri Oct 12 22:56:38 2012 +0000
committer	Ted Kremenek <kremenek@apple.com>	Fri Oct 12 22:56:38 2012 +0000
tree	263bfe6888c5b5233a0b05429d0c24157d2464e2
parent	441ee1dfa5ff8d904ad07dc3b7837c44d9f173eb [diff]