atreyabain/nodejs-fm
1
0
Fork 0
Code Issues Pull Requests Wiki Activity

Fix sandboxing(#2)

Browse Source
This commit is contained in:
Atreya Bain
2019-05-24 11:25:10 +05:30
parent 29de9a63f9
commit e39c28539e
3 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
index.js
View File

@@ -44,7 +44,8 @@ let inDir = (dircheck,dirmain) => !path.relative(path.normalize(dircheck), dirma
app.post('/files/ls',(req,res,next)=>{
const location = processing.mergedir(req.body.loc,settings)
const nloc = path.normalize(req.body.loc);
//const nloc = path.normalize(req.body.loc);
const nloc = path.normalize(path.relative(settings.dirname,location))
//Make sure not escaping the given path; insecure
if(inDir(settings.dirname,location)){
fs.readdir(location,{withFileTypes:true},(err,files)=>{