atreyabain/nodejs-fm
1
0
Fork 0
Code Issues Pull Requests Wiki Activity

Fix sandboxing(#1)

Browse Source
This commit is contained in:
Atreya Bain
2019-05-24 11:04:51 +05:30
parent 5e41f1ceb0
commit 41534493b7
4 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
index.js
View File

@@ -44,7 +44,7 @@ let inDir = (dircheck,dirmain) => !path.relative(path.normalize(dircheck), dirma
app.post('/files/ls',(req,res,next)=>{
const location = processing.mergedir(req.body.loc,settings)
const nloc = path.normalize(req.body.loc);
//Make sure not escaping the given path; insecure
if(inDir(settings.dirname,location)){
fs.readdir(location,{withFileTypes:true},(err,files)=>{
@@ -53,8 +53,8 @@ app.post('/files/ls',(req,res,next)=>{
}
else{
res.json({
"location": location ,
"back": inDir(settings.dirname, path.normalize(path.join(location,'..')) )?path.normalize(path.join(location,'..')):null,
"loc": nloc ,
"back": inDir(settings.dirname, path.normalize(path.join(location,'..')) )?path.normalize(path.join(nloc,'..')):null,
"contents":processing.dirprocess(files,location,settings)
})
}