sanitize path from URL

2016-04-11 09:08:51 +00:00 · 2016-04-11 09:08:51 +00:00 · d720d7365a
commit d720d7365a
--- a/plugins/c9.vfs.standalone/standalone.js
+++ b/plugins/c9.vfs.standalone/standalone.js
@ -176,7 +176,7 @@ function plugin(options, imports, register) {
    
    api.get("/update/:path*", function(req, res, next) {
        var filename = req.params.path;
-        var path = resolve(__dirname + "/../../build/output/" + filename);
+        var path = resolve(__dirname + "/../../build/output/" + resolve("/" + filename));
        
        var stream = fs.createReadStream(path);
        stream.on("error", function(err) {