WebServer: Make ".." equal to "." in server root directory

In the web server root directory, ".." has to be handled specially,
since everything above it does not exist from the point of view of the
user. The most sensible thing to do is to make ".." equal to ".". This
is also what ls(1) does for "/" and what "http://localhost/../"
evaluates to.

This also fixes a bug where stat() would fail on the directory above the
root directory, since it hasn't been unveiled for the process.

1 files changed, 8 insertions, 2 deletions

diff --git a/Userland/Services/WebServer/Client.cpp b/Userland/Services/WebServer/Client.cpp
index ba1d1ebfeb..2237a994c2 100644
--- a/Userland/Services/WebServer/Client.cpp
+++ b/Userland/Services/WebServer/Client.cpp
@@ -217,7 +217,13 @@ void Client::handle_directory_listing(String const& requested_path, String const
         StringBuilder path_builder;
         path_builder.append(real_path);
         path_builder.append('/');
-        path_builder.append(name);
+        // NOTE: In the root directory of the webserver, ".." should be equal to ".", since we don't want
+        //       the user to see e.g. the size of the parent directory (and it isn't unveiled, so stat fails).
+        if (requested_path == "/" && name == "..")
+            path_builder.append(".");
+        else
+            path_builder.append(name);
+
         struct stat st;
         memset(&st, 0, sizeof(st));
         int rc = stat(path_builder.to_string().characters(), &st);
@@ -225,7 +231,7 @@ void Client::handle_directory_listing(String const& requested_path, String const
             perror("stat");
         }
 
-        bool is_directory = S_ISDIR(st.st_mode) || name.is_one_of(".", "..");
+        bool is_directory = S_ISDIR(st.st_mode);
 
         builder.append("<tr>");
         builder.appendff("<td><div class=\"{}\"></div></td>", is_directory ? "folder" : "file");