Permalink
Browse files

fixed '.' (dot) replacement for path security

  • Loading branch information...
1 parent 286ab65 commit c95673573eb0d32e4edd4d6ad17d9cb6fa6ef7f0 @kadirpekel committed Dec 17, 2010
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/meryl.js
View
@@ -309,7 +309,7 @@ Meryl.prototype = {
function render(templateName, data) {
templateName = templateName || '/';
- templateName = templateName.replace(/\.\./, '.', 'g');
+ templateName = templateName.replace(/\.+/, '\.', 'g');
data = data || {};
data.request = req;

0 comments on commit c956735

Please sign in to comment.