if ($path !~ /^\// ) { $path = "/$path" ;}
[download]

GET ../etc/passwd HTTP/1.0
[download]

Graciliano M. P.
"The creativity is the expression of the liberty".

Hack this.

sub normalize_path {
  my ( $path ) = @_ ;
  return '' unless $path;
  # ensure that multiple %HH encoded stuff is decoded completely (know
+n hack)
  1 while $path =~ s/%([0-9a-fA-F]{2})/chr hex $1/ge;
  # get rid of those damn back slashes
  $path =~ s!\\+!/!g;
  # I don't see the need for many more chars than these
  # as the stated purpose is docs, not cgi ?;&= are
  # pointless, espacially as I just destroyed the query
  # string (potentially) if these are encoded with %HH
  $path =~ s![^\w \Q-?&;:,=./#\E]!!g;
  # fix ../ we don't have any \ left to fool us
  $path =~ s!\.\.?/!!g;
  # trim leading whitespace
  $path =~ s/^\s+//g;
  # allow single spaces for say Documents and Settings
  $path =~ s/ +/ /g;
  return  $path ;
}
[download]

cheers

tachyon

s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

Hack this.

Piece of cake:

my $up_dir = '.../...//';
my $path = ($up_dir x 10) . 'etc/passwd';
print normalize_path($path), "\n";
[download]

Prints:

../../../../../../../../../../etc/passwd
[download]

--
Ilya Martynov, ilya@iponweb.net
CTO IPonWEB (UK) Ltd
Quality Perl Programming and Unix Support UK managed @ offshore prices - http://www.iponweb.net
Personal website - http://martynov.org