Fix sandboxing(#2)

index.js

@@ -44,7 +44,8 @@ let inDir = (dircheck,dirmain) => !path.relative(path.normalize(dircheck), dirma
 
 app.post('/files/ls',(req,res,next)=>{
     const location = processing.mergedir(req.body.loc,settings)
-    const nloc = path.normalize(req.body.loc);
+    //const nloc = path.normalize(req.body.loc);
+    const nloc = path.normalize(path.relative(settings.dirname,location))
     //Make sure not escaping the given path; insecure
     if(inDir(settings.dirname,location)){
         fs.readdir(location,{withFileTypes:true},(err,files)=>{

processing.js

@@ -12,7 +12,7 @@ module.exports.dirprocess = (dirstream,location,settings)=>{
         {
             contents.push({
                 "name":element.name,
-                "path":path.normalize(path.join(location,element.name)) ,
+                "path":path.relative(settings.dirname,path.normalize(path.join(location,element.name))) ,
                 "isDir": element.isDirectory()
             })
         }

test.js

@@ -18,7 +18,8 @@ describe('Page Status',()=>{
     it('POST /files/ls the home page',(done)=>{
         chai.request(testScript).post('/files/ls').send({'loc':'/'}).end((err,res)=>{
             res.should.have.status(200)
-            res.body.should.have.property('loc').eql('/')
+            res.body.should.have.property('loc').eql('.')
+            
             res.body.should.have.property('back').eql(null)
             //TODO: MAKE SURE JSON FILE
             done()