diff --git a/src/Config.py b/src/Config.py
index b690848c..72084e5a 100644
--- a/src/Config.py
+++ b/src/Config.py
@@ -10,7 +10,7 @@ class Config(object):
def __init__(self, argv):
self.version = "0.5.3"
- self.rev = 2033
+ self.rev = 2034
self.argv = argv
self.action = None
self.config_file = "zeronet.conf"
diff --git a/src/Test/TestWeb.py b/src/Test/TestWeb.py
index 059bfae6..8cbce1cf 100644
--- a/src/Test/TestWeb.py
+++ b/src/Test/TestWeb.py
@@ -38,10 +38,11 @@ class TestWeb:
assert "Forbidden" in wget("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../sites.json" % site_url)
assert "Forbidden" in wget("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/..//sites.json" % site_url)
assert "Forbidden" in wget("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../../zeronet.py" % site_url)
-
- assert "Not Found" in wget("%s/content.db" % site_url)
- assert "Not Found" in wget("%s/./key-rsa.pem" % site_url)
- assert "Not Found" in wget("%s/././././././././././//////sites.json" % site_url)
+
+ assert "Forbidden" in wget("%s/content.db" % site_url)
+ assert "Forbidden" in wget("%s/./users.json" % site_url)
+ assert "Forbidden" in wget("%s/./key-rsa.pem" % site_url)
+ assert "Forbidden" in wget("%s/././././././././././//////sites.json" % site_url)
def testLinkSecurity(self, browser, site_url):
browser.get("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/test/security.html" % site_url)
diff --git a/src/Ui/UiRequest.py b/src/Ui/UiRequest.py
index 4d004fb0..44fbd6af 100644
--- a/src/Ui/UiRequest.py
+++ b/src/Ui/UiRequest.py
@@ -374,6 +374,8 @@ class UiRequest(object):
if site.settings["own"]:
from Debug import DebugMedia
DebugMedia.merge(file_path)
+ if not address or address == ".":
+ return self.error403(path_parts["inner_path"])
if os.path.isfile(file_path): # File exists
return self.actionFile(file_path, header_length=header_length)
elif os.path.isdir(file_path): # If this is actually a folder, add "/" and redirect