dont allow directory traversal

This commit is contained in:
John McLear 2015-04-10 22:02:22 +01:00
parent 7b86eb09bc
commit 9d4e5f6e35
1 changed files with 0 additions and 1 deletions

View File

@ -145,7 +145,6 @@ function minify(req, res, next)
filename = path.normalize(path.join(ROOT_DIR, filename)); filename = path.normalize(path.join(ROOT_DIR, filename));
if (filename.indexOf(ROOT_DIR) == 0) { if (filename.indexOf(ROOT_DIR) == 0) {
filename = filename.slice(ROOT_DIR.length); filename = filename.slice(ROOT_DIR.length);
filename = filename.replace(/\\/g, '/'); // Windows (safe generally?)
} else { } else {
res.writeHead(404, {}); res.writeHead(404, {});
res.end(); res.end();