handleStaticDir :: FilePath -> Resource ()
handleStaticDir basePath
= do extraPath <- getPathInfo
+ securityCheck extraPath
let path = basePath ++ "/" ++ joinWith "/" extraPath
handleStaticFile path
+ where
+ securityCheck :: Monad m => [String] -> m ()
+ securityCheck pathElems
+ = when (any (== "..") pathElems) $ fail ("security error: "
+ ++ joinWith "/" pathElems)
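Review bot: The added securityCheck compares each path element with ".." as a whole, so an element that still contains a path separator after getPathInfo's decoding would pass the check and be joined into `path` unchanged. Whether that can happen depends on how getPathInfo splits and unescapes the request path, which is not visible in this hunk. Consider rejecting such elements too, e.g. `= when (any (\e -> e == ".." || elem '/' e || elem '\\' e) pathElems) $ fail (...)`. The rejection also goes through `fail` with the requested path in the message; if the Resource monad turns that into a 500 response or echoes the text to the client, an explicit forbidden/not-found status with a fixed message would be preferable. A short comment on securityCheck saying that it does not cover symbolic links under basePath would also help the next reader.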