Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix a bug in path filtering #12

Merged
merged 1 commit into from Apr 19, 2017
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
6 changes: 4 additions & 2 deletions nodeLib/index.js
Expand Up @@ -26,6 +26,7 @@ exports.start = function(conf){
pathurl,
hostConf = CONF[ host[0] ],
root,
basePath,
agent;
if( hostConf && (host[1] | 0) === (hostConf.port | 0) ){ //域名识别
conf = hostConf;
Expand All @@ -34,6 +35,7 @@ exports.start = function(conf){
}
conf.hostname = conf.host || req.headers.host;
root = conf.root;
basePath = path.resolve(root);
if( typeof filter.execute(req,resp,conf) !== "undefined"){
return false; //有返回值的时候, 防止继续运行
} //过滤器提前, 可以修改url
Expand All @@ -56,7 +58,7 @@ exports.start = function(conf){
// 资源未找到时, 处理信息
var other = function (_req, _resp, _handle, _conf, _pathurl){
var m = modules.get( _pathurl.replace('/','') );
if(m){
if(m && m.execute){
m.execute(_req,_resp,_conf.root,_handle,_conf);
}else if(_conf.agent && _conf.agent.get && (agent = _conf.agent.get(_pathurl, _req, _resp, _conf) ) ){ // 代理过滤
require('./filter/agent').execute(_req,_resp,agent,_req.url);
Expand Down Expand Up @@ -87,7 +89,7 @@ exports.start = function(conf){

fs.stat(pathname,function(error, stats){
pathname = path.resolve(pathname); // 正则化路径
if (pathname.indexOf(root) !== 0) { // directory traversal
if (pathname.indexOf(basePath) !== 0) { // directory traversal
other(req, resp, handle, conf, pathurl);
return;
}
Expand Down