Subj : src/sbbs3/websrvr.c
To   : Git commit to main/sbbs/master
From : Rob Swindell
Date : Sat Jun 05 2021 12:42 am

https://gitlab.synchro.net/main/sbbs/-/commit/a487e0c681d380e01a76deeb
Modified Files:
	src/sbbs3/websrvr.c
Log Message:
Don't allow colons in web-requested path names on Windows

This fixes issue #269 (NTFS Alternate Data Stream vulnerability) and other
potential pathname issues on Windows involving colons.

There are other illegal filename characters on Windows (e.g. <>|"?*), but
filenames with these characters aren't expected to pass the later stat() test,
so should fail with a 404 error.

.