Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Let's sanitize windows path too, now we can run paperboy on MinGW-com…

…piled NodeJS.
  • Loading branch information...
commit 445e0310bed22d3f6644d127fb298caedda1d189 1 parent 9683582
@UnderCooled authored
Showing with 2 additions and 1 deletion.
  1. +2 −1  lib/paperboy.js
View
3  lib/paperboy.js
@@ -5,12 +5,13 @@ var
path = require('path');
exports.filepath = function (webroot, url) {
+ var pathsep = (process.platform !== 'win32') ? '/' : '\\';
// Unescape URL to prevent security holes
url = decodeURIComponent(url);
// Append index.html if path ends with '/'
fp = path.normalize(path.join(webroot, (url.match(/\/$/)=='/') ? url+'index.html' : url));
// Sanitize input, make sure people can't use .. to get above webroot
- if (webroot[webroot.length - 1] !== '/') webroot += '/';
+ if (webroot[webroot.length - 1] !== pathsep) webroot += pathsep;
if (fp.substr(0, webroot.length) != webroot)
return(['Permission Denied', null]);
else
Please sign in to comment.
Something went wrong with that request. Please try again.