libre-service.eu/pad.libre-service.eu-etherpad
libre-service.eu/pad.libre-service.eu-etherpad
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-01-20 06:29:53 +01:00
Code Issues Projects Releases Wiki Activity

dont allow directory traversal #2

Browse source
This commit is contained in:
louis 2015-04-12 17:12:35 +02:00
parent 0dfecb3af7
commit 0fa7650df8
1 changed files with 0 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/node/utils/Minify.js
View file

@ -165,7 +165,6 @@ function minify(req, res, next)
var plugin = plugins.plugins[library]; var plugin = plugins.plugins[library];
var pluginPath = plugin.package.realPath; var pluginPath = plugin.package.realPath;
filename = path.relative(ROOT_DIR, pluginPath + libraryPath); filename = path.relative(ROOT_DIR, pluginPath + libraryPath);
filename = filename.replace(/\\/g, '/'); // Windows (safe generally?)
} else if (LIBRARY_WHITELIST.indexOf(library) != -1) { } else if (LIBRARY_WHITELIST.indexOf(library) != -1) {
// Go straight into node_modules // Go straight into node_modules
// Avoid `require.resolve()`, since 'mustache' and 'mustache/index.js' // Avoid `require.resolve()`, since 'mustache' and 'mustache/index.js'