From 39019e9c92af5deaba8b2cd0c4022a0956281bd1 Mon Sep 17 00:00:00 2001
From: parhedberg <par.hedberg@gmail.com>
Date: Wed, 7 Dec 2022 18:24:51 +0100
Subject: [PATCH] Fix for securing wlan.ini (#1509)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Fix for securing wlan.ini

* Fixing error with ' instead of "

* Changing to errorcode 403

* maybe strcmp instead of regular ==

Co-authored-by: Pär Hedberg <par.hedberg@nordicmedtest.se>
---
 code/components/jomjol_fileserver_ota/server_file.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/code/components/jomjol_fileserver_ota/server_file.cpp b/code/components/jomjol_fileserver_ota/server_file.cpp
index 6058245e..5665855b 100644
--- a/code/components/jomjol_fileserver_ota/server_file.cpp
+++ b/code/components/jomjol_fileserver_ota/server_file.cpp
@@ -831,6 +831,12 @@ static esp_err_t delete_post_handler(httpd_req_t *req)
             return ESP_FAIL;
         }
 
+        if (strcmp(filename, "wlan.ini") == 0) {
+            ESP_LOGE(TAG, "Trying to delete protected file : %s", filename);
+            httpd_resp_send_err(req, HTTPD_403_FORBIDDEN, "Not allowed to delete wlan.ini");
+            return ESP_FAIL;
+        }
+
         if (stat(filepath, &file_stat) == -1) {
             ESP_LOGE(TAG, "File does not exist: %s", filename);
             /* Respond with 400 Bad Request */