public-offering
/
pad.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #148 from adrianlang/master 

Fix directory traversal
pull/149/head
Peter 'Pita' Martischka 2011-09-01 14:36:23 -07:00
parent 7e4bba0e31 86d3b2ba81
commit a1a1017bfe
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
node/server.js
View File

@ -99,7 +99,8 @@ async.waterfall([
app.get('/static/*', function(req, res) app.get('/static/*', function(req, res)
{ {
res.header("Server", serverName); res.header("Server", serverName);
var filePath = path.normalize(__dirname + "/.." + req.url.split("?")[0]); var filePath = path.normalize(__dirname + "/.." +
req.url.replace(/\./g, '').split("?")[0]);
res.sendfile(filePath, { maxAge: exports.maxAge }); res.sendfile(filePath, { maxAge: exports.maxAge });
}); });