From d3a94f748d362dfeada219d91597fcd0f42af68a Mon Sep 17 00:00:00 2001
From: Fabian Jakobs <fabian.jakobs@web.de>
Date: Fri, 15 Jan 2016 11:05:08 +0000
Subject: [PATCH] fix M8: Files Outside of Workspace Can Be Accessed via
 Directory Traversal

fixes https://github.com/c9/newclient/issues/11380
---
 node_modules/vfs-http-adapter/restful.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/node_modules/vfs-http-adapter/restful.js b/node_modules/vfs-http-adapter/restful.js
index 1360f757..15ae85df 100644
--- a/node_modules/vfs-http-adapter/restful.js
+++ b/node_modules/vfs-http-adapter/restful.js
@@ -19,12 +19,13 @@ module.exports = function setup(mount, vfs, mountOptions) {
         if (code) res.statusCode = code;
         else if (typeof err.code == "number") res.statusCode = err.code;
         else if (err.code === "EBADREQUEST") res.statusCode = 400;
+        else if (err.code === "EACCESS") res.statusCode = 403;
         else if (err.code === "EACCES") res.statusCode = 403;
         else if (err.code === "ENOENT") res.statusCode = 404;
         else if (err.code === "ENOTREADY") res.statusCode = 503;
         else if (err.code === "EISDIR") res.statusCode = 503;
         else res.statusCode = 500;
-        var message = (err.stack || err) + "\n";
+        var message = (err.message || err.toString()) + "\n";
         res.setHeader("Content-Type", "text/plain");
         res.setHeader("Content-Length", Buffer.byteLength(message));
         res.end(message);