dont allow directory traversal
This commit is contained in:
parent
7b86eb09bc
commit
9d4e5f6e35
|
@ -145,7 +145,6 @@ function minify(req, res, next)
|
||||||
filename = path.normalize(path.join(ROOT_DIR, filename));
|
filename = path.normalize(path.join(ROOT_DIR, filename));
|
||||||
if (filename.indexOf(ROOT_DIR) == 0) {
|
if (filename.indexOf(ROOT_DIR) == 0) {
|
||||||
filename = filename.slice(ROOT_DIR.length);
|
filename = filename.slice(ROOT_DIR.length);
|
||||||
filename = filename.replace(/\\/g, '/'); // Windows (safe generally?)
|
|
||||||
} else {
|
} else {
|
||||||
res.writeHead(404, {});
|
res.writeHead(404, {});
|
||||||
res.end();
|
res.end();
|
||||||
|
|
Loading…
Reference in New Issue