From 7bf91f2ac73e8e9ff0794d7d67ac40254db59d06 Mon Sep 17 00:00:00 2001
From: Dominika Liberda
Date: Fri, 2 Apr 2021 17:10:30 +0200
Subject: [PATCH] * fixes directory traversal in Host header
---
 src/server.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/server.sh b/src/server.sh
index 3bd9348..96d2437 100755
--- a/src/server.sh
+++ b/src/server.sh
@@ -43,10 +43,10 @@ while read -r param; do
 elif [[ "$param_l" == *"host:"* ]]; then
 r[host]="$(sed 's/Host: //i;s/\r//;s/\\//g' <<< "$param")"
 r[host_portless]="$(sed -E 's/:(.*)$//' <<< "${r[host]}")"
- if [[ -f "config/${r[host]}" ]]; then
- source "config/${r[host]}"
- elif [[ -f "config/${r[host_portless]}" ]]; then
- source "config/${r[host_portless]}"
+ if [[ -f "config/$(basename -- ${r[host]})" ]]; then
+ source "config/$(basename -- ${r[host]})"
+ elif [[ -f "config/$(basename -- ${r[host_portless]})" ]]; then
+ source "config/$(basename -- ${r[host_portless]})"
 fi
 elif [[ "$param_l" == *"user-agent:"* ]]; then
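Review bot: The four added lines expand `${r[host]}` and `${r[host_portless]}` unquoted inside `$(basename -- …)`, so the client-supplied Host value is word-split and glob-expanded before `basename` sees it. A value containing whitespace hands `basename` extra operands (a second one is taken as a suffix to strip), and a `*` or `?` is expanded against the server's working directory. Quote the inner expansion in all four places, e.g. `if [[ -f "config/$(basename -- "${r[host]}")" ]]; then`. Even with that, whichever file name under `config/` the header spells out is still passed to `source`, so it would be worth rejecting values outside an expected hostname character set before the lookup, for example with a guard such as `[[ "${r[host]}" =~ ^[A-Za-z0-9.:-]+$ ]]` (to be widened if bracketed IPv6 hosts must be accepted). The enclosing `while read -r param` loop starts and ends outside this hunk, so how a rejected header should be handled there cannot be judged from here.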