From 7557af3db7db392fc12bdab19e4bc27d0bf92d56 Mon Sep 17 00:00:00 2001
From: Adrian Lang <mail@adrianlang.de>
Date: Thu, 1 Sep 2011 23:24:51 +0200
Subject: [PATCH] Fix directory traversal fixing RegExp

---
 node/server.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/node/server.js b/node/server.js
index 3014423bd..2bebe6a24 100644
--- a/node/server.js
+++ b/node/server.js
@@ -100,7 +100,7 @@ async.waterfall([
     { 
       res.header("Server", serverName);
       var filePath = path.normalize(__dirname + "/.." +
-                                    req.url.replace(/\./g, '').split("?")[0]);
+                                    req.url.replace(/\.\./g, '').split("?")[0]);
       res.sendfile(filePath, { maxAge: exports.maxAge });
     });