public-offering
/
pad.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #2593 from devoidfury/tests-DTA-fix 

another traversal fix
pull/2594/merge
John McLear 2015-04-11 09:04:09 +01:00
parent be0a96af6e 2e4374c08d
commit f5d1cd1751
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/node/hooks/express/tests.js
View File

@ -23,6 +23,10 @@ exports.expressCreateServer = function (hook_name, args, cb) {
}); });
// path.join seems to normalize by default, but we'll just be explicit
var rootTestFolder = path.normalize(path.join(npm.root, "../tests/frontend/"));
var url2FilePath = function(url){ var url2FilePath = function(url){
var subPath = url.substr("/tests/frontend".length); var subPath = url.substr("/tests/frontend".length);
if (subPath == ""){ if (subPath == ""){
@ -30,8 +34,11 @@ exports.expressCreateServer = function (hook_name, args, cb) {
} }
subPath = subPath.split("?")[0]; subPath = subPath.split("?")[0];
var filePath = path.normalize(npm.root + "/../tests/frontend/") var filePath = path.normalize(path.join(rootTestFolder, subPath));
filePath += subPath.replace("..", ""); // make sure we jail the paths to the test folder, otherwise serve index
if (filePath.indexOf(rootTestFolder) !== 0) {
filePath = path.join(rootTestFolder, "index.html");
}
return filePath; return filePath;
} }