kopia lustrzana https://github.com/c9/core
Merge pull request +13343 from c9/standalone-fix-security-m10
sanitize path from URLpull/290/head
commit
2433da1f70
|
@ -176,7 +176,7 @@ function plugin(options, imports, register) {
|
||||||
|
|
||||||
api.get("/update/:path*", function(req, res, next) {
|
api.get("/update/:path*", function(req, res, next) {
|
||||||
var filename = req.params.path;
|
var filename = req.params.path;
|
||||||
var path = resolve(__dirname + "/../../build/output/" + filename);
|
var path = resolve(__dirname + "/../../build/output/" + resolve("/" + filename));
|
||||||
|
|
||||||
var stream = fs.createReadStream(path);
|
var stream = fs.createReadStream(path);
|
||||||
stream.on("error", function(err) {
|
stream.on("error", function(err) {
|
||||||
|
|
Ładowanie…
Reference in New Issue