@@ -9,7 +9,7 @@ var https = require('https');
99var http = require ( "http" ) ;
1010var opn = require ( 'opn' ) ;
1111
12-
12+ const useHttps = argv . ssl || argv . https ;
1313
1414var server ;
1515
@@ -20,7 +20,7 @@ const NO_ROOT_FILE_ERROR_MESSAGE = "Error: Could not find index.html within the
2020returnDistFile ( true ) ;
2121
2222// Start with with/without https
23- if ( argv . ssl || argv . https ) {
23+ if ( useHttps ) {
2424 pem . createCertificate ( { days : 1 , selfSigned : true } , function ( err , keys ) {
2525 var options = {
2626 key : keys . serviceKey ,
@@ -38,7 +38,7 @@ if (argv.ssl || argv.https) {
3838function start ( ) {
3939 server . listen ( getPort ( ) , function ( ) {
4040 if ( argv . open == true || argv . o ) {
41- opn ( ( ( argv . ssl ) ? 'https' : 'http' ) + "://localhost:" + getPort ( ) ) ;
41+ opn ( ( ( useHttps ) ? 'https' : 'http' ) + "://localhost:" + getPort ( ) ) ;
4242 }
4343 return console . log ( "Listening on " + getPort ( ) ) ;
4444 } ) ;
@@ -69,9 +69,7 @@ function requestListener(req, res) {
6969 // Attaches path prefix with --path option
7070 var possibleFilename = resolveUrl ( url . slice ( 1 ) ) || "dummy" ;
7171
72- var safeFileName = path . normalize ( possibleFilename ) . replace ( / ^ ( \. \. [ \/ \\ ] ) + / , '' ) ;
73- // Insert "." to ensure file is read relatively (Security)
74- var safeFullFileName = path . join ( "." , safeFileName ) ;
72+ var safeFullFileName = safeFileName ( possibleFilename ) ;
7573
7674 fs . stat ( safeFullFileName , function ( err , stats ) {
7775 var fileBuffer ;
@@ -154,3 +152,10 @@ function log() {
154152 console . log . apply ( console , arguments ) ;
155153 }
156154}
155+
156+ // Prevents a file path being provided that uses '..'
157+ function safeFileName ( possibleFilename ) {
158+ let tmp = path . normalize ( possibleFilename ) . replace ( / ^ ( \. \. [ \/ \\ ] ) + / , '' ) ;
159+ // Insert "." to ensure file is read relatively (Security)
160+ return path . join ( "." , tmp ) ;
161+ }
0 commit comments