Fix directory traversal fixing RegExp

jacobdanner · Sep 1, 2011 · 7557af3 · 7557af3
1 parent a1a1017
commit 7557af3
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/node/server.js b/node/server.js
@@ -100,7 +100,7 @@ async.waterfall([
     { 
       res.header("Server", serverName);
       var filePath = path.normalize(__dirname + "/.." +
-                                    req.url.replace(/\./g, '').split("?")[0]);
+                                    req.url.replace(/\.\./g, '').split("?")[0]);
       res.sendfile(filePath, { maxAge: exports.maxAge });
     });