From 9e99dc104f45cfdbc531b3ad90bbb4612a49bc7d Mon Sep 17 00:00:00 2001
From: Tijmen van Nesselrooij <tijmen_222@hotmail.com>
Date: Sat, 15 Jun 2019 21:10:01 +0200
Subject: [PATCH] Put double dot check after path construction for extra safety

---
 src/middleware/staticcontent.cpp | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/middleware/staticcontent.cpp b/src/middleware/staticcontent.cpp
index bdd4224..b860a7c 100644
--- a/src/middleware/staticcontent.cpp
+++ b/src/middleware/staticcontent.cpp
@@ -61,13 +61,6 @@ namespace Middleware
 			}
 		}
 
-		if (ContainsDoubleDots(request.url.GetPath()))
-		{
-			// We cannot deal with this, we are not going to bother checking if
-			// this double dot escapes our root directory
-			return;
-		}
-
 		std::string path;
 		if (request.url.HasPath())
 		{
@@ -79,6 +72,13 @@ namespace Middleware
 			path = root + "/index.html"; 
 		}
 
+		if (ContainsDoubleDots(request.url.GetPath()))
+		{
+			// We cannot deal with this, we are not going to bother checking if
+			// this double dot escapes our root directory
+			return;
+		}
+
 		if (!TryReadAllBytes(path, response.content))
 		{
 			return;