Skip to content

Commit

Permalink
Merge pull request #40 from JacksonGL/master
Browse files Browse the repository at this point in the history 
fix a security issue in canvas-designer
  • Loading branch information
@muaz-khan
muaz-khan authored Mar 3, 2020
2 parents 6822a57 + 1a461fc commit 8edeb15
Showing 1 changed file with 20 additions and 8 deletions.
28 changes: 20 additions & 8 deletions server.js
View file
Original file line number Diff line number Diff line change
@@ -1,28 +1,40 @@
var server = require('http'),
url = require('url'),
path = require('path'),
fs = require('fs');
fs = require('fs'),
cwd = process.cwd();

function responseError(response, code, msg) {
response.writeHead(code, {
'Content-Type': 'text/plain'
});
response.write(msg);
response.end();
}

function serverHandler(request, response) {
var uri = url.parse(request.url).pathname,
filename = path.join(process.cwd(), uri);
filename = path.join(cwd, uri);

var stats;

filename = path.resolve(filename);
if (filename.indexOf(cwd) !== 0) {
responseError(response, 404,
'404 Not Found: ' + path.join('/', uri) + '\n');
return;
}

try {
stats = fs.lstatSync(filename);
} catch (e) {
response.writeHead(404, {
'Content-Type': 'text/plain'
});
response.write('404 Not Found: ' + path.join('/', uri) + '\n');
response.end();
responseError(response, 404,
'404 Not Found: ' + path.join('/', uri) + '\n');
return;
}

if (fs.statSync(filename).isDirectory()) {
filename += '/index.html';

}

var contentType;
Expand Down

0 comments on commit 8edeb15

Please sign in to comment.