Correct regex for outside-of-basedir files
This commit is contained in:
parent
80a61d5f53
commit
358746b091
|
@ -23,7 +23,7 @@ module.exports = (base, default_price, invoice_ttl, files_attr) => {
|
|||
, ext = fileExt(name)
|
||||
, attr = files_attr[relpath] || {}
|
||||
|
||||
if (/^\.?\//.test(relpath) || reIgnore.test(name)) throw new Error('forbidden')
|
||||
if (/^\.\.\//.test(relpath) || reIgnore.test(name)) throw new Error('forbidden')
|
||||
|
||||
const file = { fullpath, path: relpath, urlpath: escape(relpath), name, ext, dirname, attr }
|
||||
, stat = await fs.stat(fullpath)
|
||||
|
|
Loading…
Reference in New Issue