dont allow directory traversal

This commit is contained in:
John McLear 2015-04-10 22:02:22 +01:00
parent 7b86eb09bc
commit 9d4e5f6e35
1 changed files with 0 additions and 1 deletions

View File

@ -145,7 +145,6 @@ function minify(req, res, next)
filename = path.normalize(path.join(ROOT_DIR, filename));
if (filename.indexOf(ROOT_DIR) == 0) {
filename = filename.slice(ROOT_DIR.length);
filename = filename.replace(/\\/g, '/'); // Windows (safe generally?)
} else {
res.writeHead(404, {});
res.end();