Merge pull request #2606 from 0x46616c6b/traversal-fix-2

dont allow directory traversal #2
This commit is contained in:
John McLear 2015-04-12 18:27:18 +01:00
commit 431c55811f
1 changed files with 0 additions and 1 deletions

View File

@ -165,7 +165,6 @@ function minify(req, res, next)
var plugin = plugins.plugins[library]; var plugin = plugins.plugins[library];
var pluginPath = plugin.package.realPath; var pluginPath = plugin.package.realPath;
filename = path.relative(ROOT_DIR, pluginPath + libraryPath); filename = path.relative(ROOT_DIR, pluginPath + libraryPath);
filename = filename.replace(/\\/g, '/'); // Windows (safe generally?)
} else if (LIBRARY_WHITELIST.indexOf(library) != -1) { } else if (LIBRARY_WHITELIST.indexOf(library) != -1) {
// Go straight into node_modules // Go straight into node_modules
// Avoid `require.resolve()`, since 'mustache' and 'mustache/index.js' // Avoid `require.resolve()`, since 'mustache' and 'mustache/index.js'