Browse Source
fix: asset path traversal on windows
pull/4789/head
NGPixel
3 years ago
No known key found for this signature in database
GPG Key ID: 8FDA2F1757F60D63
1 changed files with
2 additions and
0 deletions
-
server/helpers/page.js
|
|
@ -35,6 +35,8 @@ module.exports = { |
|
|
rawPath = rawPath.replace(unsafeCharsRegex, '') |
|
|
rawPath = rawPath.replace(unsafeCharsRegex, '') |
|
|
if (rawPath === '') { rawPath = 'home' } |
|
|
if (rawPath === '') { rawPath = 'home' } |
|
|
|
|
|
|
|
|
|
|
|
rawPath = rawPath.replaceAll('\\', '').replaceAll('//', '').replaceAll(/\.\.+/ig, '') |
|
|
|
|
|
|
|
|
// Extract Info
|
|
|
// Extract Info
|
|
|
let pathParts = _.filter(_.split(rawPath, '/'), p => { |
|
|
let pathParts = _.filter(_.split(rawPath, '/'), p => { |
|
|
p = _.trim(p) |
|
|
p = _.trim(p) |
|
|
|
