added additional check in file handler to prevent that url attacks are hidden in url path encodings

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@4637 6c8d7289-2bf4-0310-a012-ef5d649a1542

source/de/anomic/http/httpdFileHandler.java

@@ -296,6 +296,12 @@ public final class httpdFileHandler {
                 assert(false) : "UnsupportedEncodingException: " + e.getMessage();
             }
             
+            // check again hack attacks in path
+            if (path.indexOf("..") >= 0) {
+                httpd.sendRespondError(conProp,out,4,403,null,"Access not allowed",null);
+                return;
+            }
+            
             // check permission/granted access
             String authorization = (String) requestHeader.get(httpHeader.AUTHORIZATION);
             String adminAccountBase64MD5 = switchboard.getConfig(httpd.ADMIN_ACCOUNT_B64MD5, "");