Update docs on chmod permissions (#336)

Closes #335
Paul Kulchenko 2022-03-07 18:13:49 -08:00 committed by GitHub
parent 4abae20172
commit 1e3c5e10ad
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 0 deletions

@ -961,6 +961,10 @@ FUNCTIONS
request routing needed for serving assets. This function returns request routing needed for serving assets. This function returns
true if the request was resolved. If it was resolved, then your true if the request was resolved. If it was resolved, then your
OnHttpRequest request handler can still set additional headers. OnHttpRequest request handler can still set additional headers.
Note that the asset needs to have "read other" permissions;
otherwise this function logs a warning and returns 403 Forbidden.
If this is undesirable, use GetAssetMode and ServeAsset to bypass
the check.
ServeAsset(path:str) ServeAsset(path:str)
Instructs redbean to serve static asset at path. This function Instructs redbean to serve static asset at path. This function
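Review bot: The added note at "If this is undesirable, use GetAssetMode and ServeAsset to bypass the check" recommends skipping a check that the code comment in this same commit describes as being there "for security", without saying what the caller takes on by doing so. Suggest stating that a handler which calls ServeAsset directly becomes responsible for its own access decision, and that GetAssetMode is what lets it inspect the mode before serving. It would also help to name the bit explicitly, for example "read other" (mode 0004, as set by chmod o+r), so readers can match the doc to the check in RoutePath and to the warning in the log.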

@ -6231,6 +6231,9 @@ static char *RoutePath(const char *path, size_t pathlen) {
struct Asset *a; struct Asset *a;
DEBUGF("(srvr) RoutePath(%`'.*s)", pathlen, path); DEBUGF("(srvr) RoutePath(%`'.*s)", pathlen, path);
if ((a = GetAsset(path, pathlen))) { if ((a = GetAsset(path, pathlen))) {
// only allow "read other" permissions for security
// and consistency with handling of "external" files
// in this and other webservers
if ((m = GetMode(a)) & 0004) { if ((m = GetMode(a)) & 0004) {
if (!S_ISDIR(m)) { if (!S_ISDIR(m)) {
return HandleAsset(a, path, pathlen); return HandleAsset(a, path, pathlen);
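Review bot: The new comment above `if ((m = GetMode(a)) & 0004) {` says "only allow "read other" permissions", which reads as if other permission bits were rejected, while the condition only requires the other-read bit to be set. Suggest wording it as "serve only assets that have the other-read bit set" so the comment matches the test. Since the next line already uses S_ISDIR, the literal 0004 could be written as S_IROTH to make the intent visible in the condition itself.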