Commit b0cf8304 authored by Alex Skalozub's avatar Alex Skalozub

Disallow WebDAV MKCOL/PUT/DELETE requests to protected files (like .htpasswd)

parent 0d9fe39d
...@@ -4268,6 +4268,8 @@ static void open_local_endpoint(struct connection *conn, int skip_user) { ...@@ -4268,6 +4268,8 @@ static void open_local_endpoint(struct connection *conn, int skip_user) {
#ifndef MONGOOSE_NO_DAV #ifndef MONGOOSE_NO_DAV
} else if (!strcmp(conn->mg_conn.request_method, "PROPFIND")) { } else if (!strcmp(conn->mg_conn.request_method, "PROPFIND")) {
handle_propfind(conn, path, &st, exists); handle_propfind(conn, path, &st, exists);
} else if (must_hide_file(conn, path)) {
send_http_error(conn, 404, NULL);
} else if (!strcmp(conn->mg_conn.request_method, "MKCOL")) { } else if (!strcmp(conn->mg_conn.request_method, "MKCOL")) {
handle_mkcol(conn, path); handle_mkcol(conn, path);
} else if (!strcmp(conn->mg_conn.request_method, "DELETE")) { } else if (!strcmp(conn->mg_conn.request_method, "DELETE")) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment