fuwafuwa
/
etherpad-lite
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #2593 from devoidfury/tests-DTA-fix 

another traversal fix
This commit is contained in:
John McLear 2015-04-11 09:04:09 +01:00
parent be0a96af6e 2e4374c08d
commit f5d1cd1751
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/node/hooks/express/tests.js
View File

@ -23,6 +23,10 @@ exports.expressCreateServer = function (hook_name, args, cb) {
});
// path.join seems to normalize by default, but we'll just be explicit
var rootTestFolder = path.normalize(path.join(npm.root, "../tests/frontend/"));
var url2FilePath = function(url){
var subPath = url.substr("/tests/frontend".length);
if (subPath == ""){
@ -30,8 +34,11 @@ exports.expressCreateServer = function (hook_name, args, cb) {
}
subPath = subPath.split("?")[0];
var filePath = path.normalize(npm.root + "/../tests/frontend/")
filePath += subPath.replace("..", "");
var filePath = path.normalize(path.join(rootTestFolder, subPath));
// make sure we jail the paths to the test folder, otherwise serve index
if (filePath.indexOf(rootTestFolder) !== 0) {
filePath = path.join(rootTestFolder, "index.html");
}
return filePath;
}