From 358746b091b39c22053a6fd2d73b5ed277a5c14f Mon Sep 17 00:00:00 2001
From: Nadav Ivgi <nadav@shesek.info>
Date: Sun, 17 Dec 2017 19:30:51 +0200
Subject: [PATCH] Correct regex for outside-of-basedir files

---
 lib/files.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/files.js b/lib/files.js
index 79767ff..5550483 100644
--- a/lib/files.js
+++ b/lib/files.js
@@ -23,7 +23,7 @@ module.exports = (base, default_price, invoice_ttl, files_attr) => {
         , ext      = fileExt(name)
         , attr     = files_attr[relpath] || {}
 
-    if (/^\.?\//.test(relpath) || reIgnore.test(name)) throw new Error('forbidden')
+    if (/^\.\.\//.test(relpath) || reIgnore.test(name)) throw new Error('forbidden')
 
     const file = { fullpath, path: relpath, urlpath: escape(relpath), name, ext, dirname, attr }
         , stat = await fs.stat(fullpath)