Be aware that on Windows, there are CGI and directory traversal vulnerabilities still not fixed. UNIX is OK.
On 30/12/2007, Sergey Lyubka <[EMAIL PROTECTED]> wrote: > The file name is being urldecoded. '+' is substituted with space. > urldecode the '+' sign. So the request must look like > http://server/%2B0123456789.txt > > On 30/12/2007, ron <[EMAIL PROTECTED]> wrote: > > Hi, > > First, let me thank you for your work to provide this > > very handy HTTP server. > > > > My use of SHTTPD is as a local lab application to > > interact with a network device that "calls home". It > > asks for a file of the form: "+0123456789.txt". SHTTPD > > is setup to furnish that file. > > > > Because SHTTPD is small, produces a log and is easily > > and intuitive to setup, after brief testing I included > > it as part of a procedure that I published. Perfect. > > > > Lo and behold, it doesn't work! While other simular > > servers tolerate the "+" character in the name, SHTTPD > > does not. The file will appear in the directory just > > fine, but when requested, it gives a 404 error. > > > > Since SHTTPD is nearly ideal for this type of > > application, I hope this problem can be resolved > > easily, maybe with just a patch. But, in any case, a > > solution for this type of issue seems straightforward > > with a recompile. Where do I start? :) > > > > Ron > > > > > > > > > > > > ____________________________________________________________________________________ > > Be a better friend, newshound, and > > know-it-all with Yahoo! Mobile. Try it now. > > http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ > > > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by: Microsoft > > Defy all challenges. Microsoft(R) Visual Studio 2005. > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > > _______________________________________________ > > shttpd-general mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/shttpd-general > > > ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ shttpd-general mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shttpd-general
