Browse files

FIX: Root Jail rejected all requests with 'Access denied'

The comparison between the root path and the filepath did reject all
files. (At least if you .server('.') ). Fixed by resolving each path to
an absolute path with path.resolve() and comparing absolute paths. In
addition, this seems to me to be a saver comparison. Possibly reduces
the cache memory footprint as the key is now the full path. (Is only
true if previously multiple relative paths lead to the same absolute
path.)
  • Loading branch information...
1 parent 13b9372 commit 09788551b5ece0380f3439a69519c577ebd002aa @cimnine cimnine committed Aug 11, 2011
Showing with 5 additions and 5 deletions.
  1. +5 −5 lib/node-static.js
View
10 lib/node-static.js
@@ -20,7 +20,7 @@ this.indexStore = {};
this.Server = function (root, options) {
if (root && (typeof(root) === 'object')) { options = root, root = null }
- this.root = path.normalize(root || '.');
+ this.root = path.resolve(root || '.');
this.options = options || {};
this.cache = 3600;
@@ -77,7 +77,7 @@ this.Server.prototype.serveFile = function (pathname, status, headers, req, res)
var that = this;
var promise = new(events.EventEmitter);
- pathname = this.normalize(pathname);
+ pathname = this.resolve(pathname);
fs.stat(pathname, function (e, stat) {
if (e) {
@@ -124,7 +124,7 @@ this.Server.prototype.servePath = function (pathname, status, headers, req, res,
var that = this,
promise = new(events.EventEmitter);
- pathname = this.normalize(pathname);
+ pathname = this.resolve(pathname);
// Only allow GET and HEAD requests
if (req.method !== 'GET' && req.method !== 'HEAD') {
@@ -152,8 +152,8 @@ this.Server.prototype.servePath = function (pathname, status, headers, req, res,
}
return promise;
};
-this.Server.prototype.normalize = function (pathname) {
- return path.normalize(path.join(this.root, pathname));
+this.Server.prototype.resolve = function (pathname) {
+ return path.resolve(path.join(this.root, pathname));
};
this.Server.prototype.serve = function (req, res, callback) {
var that = this,

0 comments on commit 0978855

Please sign in to comment.