Permalink
Browse files

* Prevent /etc and /var reading when run from root.

  Thanks @d3vc0r3 for the report.
1 parent 493a713 commit 8f96e0e1aaff99de54358dc29af438eecc679a22 @audreyt committed Mar 7, 2017
Showing with 12 additions and 0 deletions.
  1. +10 −0 main.js
  2. +2 −0 src/main.ls
View
Oops, something went wrong.
View
@@ -53,6 +53,8 @@
new-room = -> require \uuid-pure .newId 12 36 .toLowerCase!
@get '/': sendFile \index.html
+ @get '/etc/*': -> @response.send 404 ''
+ @get '/var/*': -> @response.send 404 ''
#@get '/favicon.ico': -> @response.send 404 ''
#return site icons
@get '/favicon.ico': sendFile \favicon.ico

0 comments on commit 8f96e0e

Please sign in to comment.