From d6c776b618f8d84f28eb69aa9113ffce599cad9b Mon Sep 17 00:00:00 2001
From: Arun Isaac
Date: Fri, 13 Mar 2020 21:29:16 +0530
Subject: Deny requests to all html files except index.html.

* ennu.el (ennu-server-start): Deny requests to all html files except
index.html.
---
 ennu.el | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/ennu.el b/ennu.el
index 69e8a93..5cd1d1a 100644
--- a/ennu.el
+++ b/ennu.el
@@ -486,10 +486,15 @@ as keys. Keys are compared using `equal'."
   (setq httpd-root (expand-file-name (ennu-setting :output-directory)
                                      (ennu-setting :working-directory)))
   (defun httpd/ (proc uri-path query request)
-    (let ((uri-path (httpd-unhex uri-path)))
-      (pcase (httpd-status (httpd-gen-path uri-path))
-        (200 (httpd-serve-root proc httpd-root uri-path request))
-        (_ (httpd-serve-root proc httpd-root (concat uri-path ".html") request)))))
+    (let ((uri-path (httpd-unhex uri-path))
+          (file-path (httpd-gen-path uri-path)))
+      (cond
+       ((and (not (string= (file-name-nondirectory file-path) "index.html"))
+             (string= (file-name-extension file-path) "html"))
+        (httpd-error proc 404))
+       ((= (httpd-status file-path) 200)
+        (httpd-serve-root proc httpd-root uri-path request))
+       (t (httpd-serve-root proc httpd-root (concat uri-path ".html") request)))))
   (httpd-start))
 
 (defun ennu-server-stop ()
-- 
cgit v1.2.3