From 4e7d09204fd9a8e4ea0ea0f8ebc244bcbd780c89 Mon Sep 17 00:00:00 2001
From: Johann150 <johann.galle@protonmail.com>
Date: Sat, 16 Jan 2021 13:22:56 +0100
Subject: [PATCH] only check path segments in URL

This will only check path segments specified in the request URL and not
path segments that are part of the path specified on the command line.

Otherwise if the content directory was (in) a hidden directory, or specified
with a relative path containing "." or ".." segments, nothing would be served.
---
 src/main.rs | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index d60b2d2..8633459 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -178,20 +178,15 @@ async fn send_response(url: Url, stream: &mut TlsStream<TcpStream>) -> Result {
     let mut path = std::path::PathBuf::from(&ARGS.content_dir);
     if let Some(segments) = url.path_segments() {
         for segment in segments {
+            if !ARGS.serve_secret && segment.starts_with('.') {
+                // Do not serve anything that looks like a hidden file.
+                return send_header(stream, 52, &["If I told you, it would not be a secret."])
+                    .await;
+            }
             path.push(&*percent_decode_str(segment).decode_utf8()?);
         }
     }
 
-    // Do not serve anything that looks like a hidden file.
-    if !ARGS.serve_secret
-        && path
-            .iter()
-            .filter_map(|component| component.to_str())
-            .any(|component| component.starts_with("."))
-    {
-        return send_header(stream, 52, &["If I told you, it would not be a secret."]).await;
-    }
-
     if let Ok(metadata) = tokio::fs::metadata(&path).await {
         if metadata.is_dir() {
             if url.path().ends_with('/') || url.path().is_empty() {