Skip to content
Permalink
Browse files Browse the repository at this point in the history
fix: asset path traversal on windows
  • Loading branch information
NGPixel committed Dec 4, 2021
1 parent 112d070 commit 414033d
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions server/helpers/page.js
Expand Up @@ -35,6 +35,8 @@ module.exports = {
rawPath = rawPath.replace(unsafeCharsRegex, '')
if (rawPath === '') { rawPath = 'home' }

rawPath = rawPath.replaceAll('\\', '').replaceAll('//', '').replaceAll(/\.\.+/ig, '')

// Extract Info
let pathParts = _.filter(_.split(rawPath, '/'), p => {
p = _.trim(p)
Expand Down

0 comments on commit 414033d

Please sign in to comment.