It's 2022 ... updating all of the copyright notices in webcit-ng

[citadel.git] / webcit-ng / static.c

diff --git a/webcit-ng/static.c b/webcit-ng/static.c
index f2b7811e0fd5a61ad614ca8af6d5fd3d8b5adb99..f4aefa776a5879723937877c24e76a0e86304036 100644 (file)
--- a/webcit-ng/static.c
+++ b/webcit-ng/static.c
@@ -1,7 +1,6 @@
-//
 // Output static content
 //
-// Copyright (c) 1996-2021 by the citadel.org team
+// Copyright (c) 1996-2022 by the citadel.org team
 //
 // This program is open source software.  It runs great on the
 // Linux operating system (and probably elsewhere).  You can use,
@@ -16,12 +15,21 @@
 #include "webcit.h"
 
 
-// Called from perform_request() to handle the /ctdl/s/ prefix -- always static content.
+// Called from perform_request() to handle static content.
 void output_static(struct http_transaction *h) {
        char filename[PATH_MAX];
        struct stat statbuf;
 
-       snprintf(filename, sizeof filename, "static/%s", &h->url[8]);
+       if (!strncasecmp(h->url, "/ctdl/s/", 8)) {
+               snprintf(filename, sizeof filename, "static/%s", &h->url[8]);
+       }
+       else if (!strncasecmp(h->url, "/.well-known/", 13)) {
+               snprintf(filename, sizeof filename, "static/.well-known/%s", &h->url[13]);
+       }
+       else {
+               do_404(h);
+               return;
+       }
 
        if (strstr(filename, "../")) {          // 100% guaranteed attacker.
                do_404(h);                      // Die in a car fire.
@@ -30,6 +38,7 @@ void output_static(struct http_transaction *h) {
 
        FILE *fp = fopen(filename, "r");        // Try to open the requested file.
        if (fp == NULL) {
+               syslog(LOG_DEBUG, "%s: %s", filename, strerror(errno));
                do_404(h);
                return;
        }