5530b8e1ca4559e0b195c09086370853b6c78c01,htroot/yacy/transfer.java,transfer,respond,#httpHeader#serverObjects#serverSwitch#,63

Before Change



        if (filename.indexOf("..") >= 0) {
            // reject paths that contain '..' because they are dangerous
            sb.getLog().logFine("RankingTransmission: rejected wrong path '" + filename + "' from peer " + oseed.getName() + "/" + oseed.getPublicAddress()+ ", current IP " + header.get(httpHeader.CONNECTION_PROP_CLIENTIP, "unknown"));
            return prop;
        }

After Change


        }

        yacySeed otherseed = yacyCore.seedDB.get(otherpeer);
        if ((otherseed == null) || (filename.indexOf("..") >= 0)) {
            // reject unknown peers: this does not appear fair, but anonymous senders are dangerous
            // reject paths that contain '..' because they are dangerous
            if (otherseed == null) sb.getLog().logFine("RankingTransmission: rejected unknown peer '" + otherpeer + "', current IP " + header.get(httpHeader.CONNECTION_PROP_CLIENTIP, "unknown"));
            if (filename.indexOf("..") >= 0) sb.getLog().logFine("RankingTransmission: rejected wrong path '" + filename + "' from peer " + otherseed.getName() + "/" + otherseed.getPublicAddress()+ ", current IP " + header.get(httpHeader.CONNECTION_PROP_CLIENTIP, "unknown"));
            return prop;
        }