Let's sanitize windows path too, now we can run paperboy on MinGW-compile #13

Closed
wants to merge 1 commit into
from
View
@@ -5,12 +5,13 @@ var
path = require('path');
exports.filepath = function (webroot, url) {
+ var pathsep = (process.platform !== 'win32') ? '/' : '\\';
// Unescape URL to prevent security holes
url = decodeURIComponent(url);
// Append index.html if path ends with '/'
fp = path.normalize(path.join(webroot, (url.match(/\/$/)=='/') ? url+'index.html' : url));
// Sanitize input, make sure people can't use .. to get above webroot
- if (webroot[webroot.length - 1] !== '/') webroot += '/';
+ if (webroot[webroot.length - 1] !== pathsep) webroot += pathsep;
if (fp.substr(0, webroot.length) != webroot)
return(['Permission Denied', null]);
else