Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

[bz4647743] Remove static handler's check for malicious paths #87

Closed
add0n opened this Issue · 1 comment

2 participants

@add0n

we should be able to just remove statements like this, because Mojito closes all bad URLs down:

// Potentially malicious path
if (~path.indexOf('..')) {
return forbidden(res);
}
@gissues:{"order":66.66666666666666,"status":"backlog"}

@caridy
Owner

0.5.x static handler relies entirely on the store and the urls produced by the store, anything else is ignored (404).

@caridy caridy closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.