From 41534493b764cfa0f5c27e842bc71b772a6aa844 Mon Sep 17 00:00:00 2001 From: Christopher Rose Date: Fri, 24 May 2019 11:04:51 +0530 Subject: [PATCH] Fix sandboxing(#1) --- README.md | 3 +++ index.js | 6 +++--- static/base.js | 2 +- test.js | 2 ++ 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index c917d42..b8ef24e 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,7 @@ # nodejs-fm + +[![Build Status](https://travis-ci.org/chrisvrose/nodejs-fm.svg?branch=master)](https://travis-ci.org/chrisvrose/nodejs-fm) + A simple file manager for managing files on a remote fs using Node. Dependencies: `express` `body-parser` `sqlite` diff --git a/index.js b/index.js index 9e87b05..edd8f63 100644 --- a/index.js +++ b/index.js @@ -44,7 +44,7 @@ let inDir = (dircheck,dirmain) => !path.relative(path.normalize(dircheck), dirma app.post('/files/ls',(req,res,next)=>{ const location = processing.mergedir(req.body.loc,settings) - + const nloc = path.normalize(req.body.loc); //Make sure not escaping the given path; insecure if(inDir(settings.dirname,location)){ fs.readdir(location,{withFileTypes:true},(err,files)=>{ @@ -53,8 +53,8 @@ app.post('/files/ls',(req,res,next)=>{ } else{ res.json({ - "location": location , - "back": inDir(settings.dirname, path.normalize(path.join(location,'..')) )?path.normalize(path.join(location,'..')):null, + "loc": nloc , + "back": inDir(settings.dirname, path.normalize(path.join(location,'..')) )?path.normalize(path.join(nloc,'..')):null, "contents":processing.dirprocess(files,location,settings) }) } diff --git a/static/base.js b/static/base.js index 82e2532..4d320b2 100644 --- a/static/base.js +++ b/static/base.js @@ -20,7 +20,7 @@ function updateContents(contents){ //console.log(contents) // Change top header contents - $('#files-location').html(currDir.loc) + $('#files-location').html(contents.loc) // if empty, return null, this shouldnt execute if the server is responding properly but ok if(contents===null) { 
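Review bot: `const nloc = path.normalize(req.body.loc);` uses the request body field without checking its type, and `path.normalize` throws a TypeError when `loc` is missing or is not a string (a JSON body can carry a number, array or object), so a malformed request ends as an uncaught exception in the handler instead of a deliberate 400; what `processing.mergedir` does with a non-string on the line above is not visible here. A guard before the new line, `if (typeof req.body.loc !== 'string') return res.status(400).json({ error: 'loc must be a string' });`, makes the rejection explicit and keeps the failure out of the default error handler. The sandbox check on the following line is still evaluated on `location`, not on `nloc`, which is correct only as long as `mergedir` does nothing more than join `settings.dirname` with `loc`; a one-line comment stating that assumption, `// nloc is for display only; inDir() is checked against the merged server path`, would stop a later change from swapping them. The `app.post('/files/ls', …)` handler continues past the end of this hunk.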
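Review bot: The `"back"` line computes its guard from `location` but its value from `nloc`, so a reader cannot tell at a glance that the two paths are meant to be the server-side and client-relative views of the same directory; hoisting `const parent = path.normalize(path.join(location, '..'));` above `res.json({` and using it in the guard would shorten the line and make that relationship explicit. Renaming the response key from `location` to `loc` is a breaking change for any client other than `static/base.js`, and neither this hunk nor the README records the response shape; a comment above `res.json({` such as `// Response: { loc: client-relative path, back: parent path or null at the root, contents: entries }` would document it. The `res.json` call sits inside the `fs.readdir` callback, whose start and end lie outside this hunk.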
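Review bot: `$('#files-location').html(contents.loc)` dereferences `contents` two lines before the `if(contents===null)` check, so when the server does return null the new line throws and the check never runs; the header update should move below that `if` block. Separately, `.html()` interprets its argument as markup, and `loc` is derived from the request's `loc` and reflects directory names that may legitimately contain `<` or `&`, so it should be rendered as text with `$('#files-location').text(contents.loc)` to keep path strings from being parsed as HTML. The enclosing `updateContents(contents)` function starts before this hunk and continues after it.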
diff --git a/test.js b/test.js
index c346125..96653d1 100644
--- a/test.js
+++ b/test.js
@@ -18,6 +18,8 @@ describe('Page Status',()=>{
 it('POST /files/ls the home page',(done)=>{
 chai.request(testScript).post('/files/ls').send({'loc':'/'}).end((err,res)=>{
 res.should.have.status(200)
+ res.body.should.have.property('loc').eql('/')
+ res.body.should.have.property('back').eql(null)
 //TODO: MAKE SURE JSON FILE
 done()
 })
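Review bot: The two added assertions only cover the root listing, so the sandboxing behaviour named in the commit title still has no test; a second `it` case that posts a `loc` resolving outside `settings.dirname` (one containing `..` segments) and asserts whatever the rejected-path branch returns, which is not visible in this diff, would pin the guard. The `//TODO: MAKE SURE JSON FILE` comment left beneath the new lines is now partly satisfied, since `res.body.should.have.property(...)` already requires a parsed JSON body; it should either be removed or reworded to say what remains unchecked. The `describe('Page Status', …)` block continues outside this hunk.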