From 741c53ddfe7af2ef3721b72ebe29c23ef10de9e0 Mon Sep 17 00:00:00 2001
From: threeoh6000 <master@colean.cc>
Date: Mon, 22 Jan 2024 18:26:18 +0000
Subject: [PATCH 1/2] preliminary version number

---
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index e183697..bcc8b19 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -10,7 +10,7 @@ checksum = "17cbf58e19f2bda088d8c4c95a46b41895375e15a2d63dd686a4273f8c43d46b"
 
 [[package]]
 name = "herb"
-version = "0.8.1"
+version = "0.9.0-develop"
 dependencies = [
  "frostwalker",
  "packeteer",
diff --git a/Cargo.toml b/Cargo.toml
index 8d096d0..ea823de 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "herb"
-version = "0.8.1"
+version = "0.9.0-develop"
 edition = "2018"
 
 [dependencies]
-- 
2.34.1


From b74271c0141da0e275f90de255508aa409190d9d Mon Sep 17 00:00:00 2001
From: threeoh6000 <master@colean.cc>
Date: Mon, 22 Jan 2024 21:09:09 +0000
Subject: [PATCH 2/2] add url normalisation

---
 Cargo.lock  | 2 +-
 Cargo.toml  | 2 +-
 src/main.rs | 5 +++++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index bcc8b19..916c105 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -10,7 +10,7 @@ checksum = "17cbf58e19f2bda088d8c4c95a46b41895375e15a2d63dd686a4273f8c43d46b"
 
 [[package]]
 name = "herb"
-version = "0.9.0-develop"
+version = "0.8.2-develop"
 dependencies = [
  "frostwalker",
  "packeteer",
diff --git a/Cargo.toml b/Cargo.toml
index ea823de..fcbdac9 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "herb"
-version = "0.9.0-develop"
+version = "0.8.2-develop"
 edition = "2018"
 
 [dependencies]
diff --git a/src/main.rs b/src/main.rs
index a82967a..89dee32 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -335,6 +335,11 @@ fn process_request(request: Vec<u8>, settings: Settings) -> Resource {
  		    println!("Stream sent GET request.");
         }
 		if request.location.segments.len() != 0 {
+            if request.location.segments[0] == ".." || request.location.segments[0] == "." {
+    		    let resource = Resource { contents: "<!DOCTYPE HTML><html><body><h1>400 Bad Request</h1><p>The request you sent appears to be malformed.</p></body></html>".to_string().into_bytes(), status_code: 400, mime: "text/html".to_string(), iscgi: false };
+         		return resource;
+	        }
+
 			let segclone = request.location.segments.clone();
 			path = unwrap_url_into_segments(request.location);
 			if path.contains(".cgi/") {
-- 
2.34.1