diff options
| author | John McLear <john@mclear.co.uk> | 2015-04-10 22:02:22 +0100 |
|---|---|---|
| committer | John McLear <john@mclear.co.uk> | 2015-04-10 22:02:22 +0100 |
| commit | 9d4e5f6e35153129377206ef545d4965afae627d (patch) | |
| tree | 136ba57f01f8684f3ee5b2591f6a040f1cdbbbce /src/node/utils | |
| parent | 7b86eb09bc2235dd2683fb72601934dbcea3a9eb (diff) | |
| download | etherpad-lite-9d4e5f6e35153129377206ef545d4965afae627d.zip | |
dont allow directory traversal
Diffstat (limited to 'src/node/utils')
| -rw-r--r-- | src/node/utils/Minify.js | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/src/node/utils/Minify.js b/src/node/utils/Minify.js index da101f8d..ba45ab75 100644 --- a/src/node/utils/Minify.js +++ b/src/node/utils/Minify.js @@ -145,7 +145,6 @@ function minify(req, res, next) filename = path.normalize(path.join(ROOT_DIR, filename)); if (filename.indexOf(ROOT_DIR) == 0) { filename = filename.slice(ROOT_DIR.length); - filename = filename.replace(/\\/g, '/'); // Windows (safe generally?) } else { res.writeHead(404, {}); res.end(); |