BTCPrivate
/
btcp-digital-store
mirror of https://github.com/BTCPrivate/btcp-digital-store.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Correct regex for outside-of-basedir files

This commit is contained in:
Nadav Ivgi 2017-12-17 19:30:51 +02:00
parent 80a61d5f53
commit 358746b091
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/files.js
View File

@ -23,7 +23,7 @@ module.exports = (base, default_price, invoice_ttl, files_attr) => {
, ext = fileExt(name)
, attr = files_attr[relpath] || {}
if (/^\.?\//.test(relpath) || reIgnore.test(name)) throw new Error('forbidden')
if (/^\.\.\//.test(relpath) || reIgnore.test(name)) throw new Error('forbidden')
const file = { fullpath, path: relpath, urlpath: escape(relpath), name, ext, dirname, attr }
, stat = await fs.stat(fullpath)