forked from svrjs/svrjs
LTS: Fixed bug with ENOTDIR error (was 500, now it's 404) and with forbidden path checker.
This commit is contained in:
svrjs
parent
eab4122ef5
commit
04639c426f
4 changed files with 34 additions and 13 deletions
|
|
@ -1,7 +1,7 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>SVR.JS 3.4.17</title>
|
||||
<title>SVR.JS 3.4.18</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<meta charset="UTF-8" />
|
||||
<style>
|
||||
|
|
@ -12,7 +12,7 @@
|
|||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Welcome to SVR.JS 3.4.17</h1>
|
||||
<h1>Welcome to SVR.JS 3.4.18</h1>
|
||||
<br/>
|
||||
<img src="/logo.png" style="width: 256px;" />
|
||||
<br/>
|
||||
|
|
@ -110,8 +110,8 @@
|
|||
</div>
|
||||
<p>Changes:</p>
|
||||
<ul>
|
||||
<li>Improved URL sanitizer.</li>
|
||||
<li>Fixed bug with formidable wrapper.</li>
|
||||
<li>Fixed bug with ENOTDIR error (was 500, now it's 404).</li>
|
||||
<li>Fixed bug with forbidden path checker.</li>
|
||||
</ul>
|
||||
<p>Bugs:</p>
|
||||
<ul>
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>SVR.JS 3.4.17 Licenses</title>
|
||||
<title>SVR.JS 3.4.18 Licenses</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<meta charset="UTF-8" />
|
||||
<style>
|
||||
|
|
@ -12,8 +12,8 @@
|
|||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>SVR.JS 3.4.17 Licenses</h1>
|
||||
<h2>SVR.JS 3.4.17</h2>
|
||||
<h1>SVR.JS 3.4.18 Licenses</h1>
|
||||
<h2>SVR.JS 3.4.18</h2>
|
||||
<div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;">
|
||||
MIT License<br/>
|
||||
<br/>
|
||||
|
|
@ -37,7 +37,7 @@
|
|||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/>
|
||||
SOFTWARE.<br/>
|
||||
</div>
|
||||
<h2>Packages used by SVR.JS 3.4.17 and utilities</h2>
|
||||
<h2>Packages used by SVR.JS 3.4.18 and utilities</h2>
|
||||
<div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;">
|
||||
<div style="float: right;">License: MIT</div>
|
||||
<div style="font-size: 20px;">
|
||||
|
|
|
|||
27
svr.js
27
svr.js
|
|
@ -71,7 +71,7 @@ function deleteFolderRecursive(path) {
|
|||
}
|
||||
|
||||
var os = require("os");
|
||||
var version = "3.4.17";
|
||||
var version = "3.4.18";
|
||||
var singlethreaded = false;
|
||||
|
||||
if (process.versions) process.versions.svrjs = version; //Inject SVR.JS into process.versions
|
||||
|
|
@ -1444,10 +1444,10 @@ function checkIfForbiddenPath(decodedHref, match) {
|
|||
function checkIfIndexOfForbiddenPath(decodedHref, match) {
|
||||
var mo = forbiddenPaths[match];
|
||||
if (!mo) return false;
|
||||
if (typeof mo == "string") return decodedHref == mo || decodedHref.indexOf(mo + "/") == 0 || (os.platform() == "win32" && (decodedHref.toLowerCase() == mo.toLowerCase() || decodedHref.toLowerCase().indexOf(mo.toLowerCase()) == 0));
|
||||
if (typeof mo == "string") return decodedHref == mo || decodedHref.indexOf(mo + "/") == 0 || (os.platform() == "win32" && (decodedHref.toLowerCase() == mo.toLowerCase() || decodedHref.toLowerCase().indexOf(mo.toLowerCase() + "/") == 0));
|
||||
if (typeof mo == "object") {
|
||||
for (var i = 0; i < mo.length; i++) {
|
||||
if (decodedHref == mo || decodedHref.indexOf(mo[i] + "/") == 0 || (os.platform() == "win32" && (decodedHref.toLowerCase() == mo[i].toLowerCase() || decodedHref.toLowerCase().indexOf(mo[i].toLowerCase()) == 0))) return true;
|
||||
if (decodedHref == mo[i] || decodedHref.indexOf(mo[i] + "/") == 0 || (os.platform() == "win32" && (decodedHref.toLowerCase() == mo[i].toLowerCase() || decodedHref.toLowerCase().indexOf(mo[i].toLowerCase() + "/") == 0))) return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
|
|
@ -1963,6 +1963,8 @@ if (!cluster.isMaster) {
|
|||
var additionalError = 500;
|
||||
if (ex.code == "ENOENT") {
|
||||
additionalError = 404;
|
||||
} else if (ex.code == "ENOTDIR") {
|
||||
additionalError = 404;
|
||||
} else if (ex.code == "EACCES") {
|
||||
additionalError = 403;
|
||||
} else if (ex.code == "EMFILE") {
|
||||
|
|
@ -2366,6 +2368,8 @@ if (!cluster.isMaster) {
|
|||
var additionalError = 500;
|
||||
if (ex.code == "ENOENT") {
|
||||
additionalError = 404;
|
||||
} else if (ex.code == "ENOTDIR") {
|
||||
additionalError = 404;
|
||||
} else if (ex.code == "EACCES") {
|
||||
additionalError = 403;
|
||||
} else if (ex.code == "EMFILE") {
|
||||
|
|
@ -3042,6 +3046,8 @@ if (!cluster.isMaster) {
|
|||
// Handle additional error cases
|
||||
if (ex.code == "ENOENT") {
|
||||
additionalError = 404;
|
||||
} else if (ex.code == "ENOTDIR") {
|
||||
additionalError = 404;
|
||||
} else if (ex.code == "EACCES") {
|
||||
additionalError = 403;
|
||||
} else if (ex.code == "EMFILE") {
|
||||
|
|
@ -3343,6 +3349,9 @@ if (!cluster.isMaster) {
|
|||
if (err.code == "ENOENT") {
|
||||
callServerError(404);
|
||||
serverconsole.errmessage("Resource not found.");
|
||||
} else if (err.code == "ENOTDIR") {
|
||||
callServerError(404);
|
||||
serverconsole.errmessage("Resource not found.");
|
||||
} else if (err.code == "EACCES") {
|
||||
callServerError(403);
|
||||
serverconsole.errmessage("Access denied.");
|
||||
|
|
@ -3538,6 +3547,9 @@ if (!cluster.isMaster) {
|
|||
if (ex.code == "ENOENT") {
|
||||
callServerError(404);
|
||||
serverconsole.errmessage("Resource not found.");
|
||||
} else if (ex.code == "ENOTDIR") {
|
||||
callServerError(404);
|
||||
serverconsole.errmessage("Resource not found.");
|
||||
} else if (ex.code == "EACCES") {
|
||||
callServerError(403);
|
||||
serverconsole.errmessage("Access denied.");
|
||||
|
|
@ -3565,6 +3577,9 @@ if (!cluster.isMaster) {
|
|||
if (err.code == "ENOENT") {
|
||||
callServerError(404);
|
||||
serverconsole.errmessage("Resource not found.");
|
||||
} else if (err.code == "ENOTDIR") {
|
||||
callServerError(404);
|
||||
serverconsole.errmessage("Resource not found.");
|
||||
} else if (err.code == "EACCES") {
|
||||
callServerError(403);
|
||||
serverconsole.errmessage("Access denied.");
|
||||
|
|
@ -3657,6 +3672,9 @@ if (!cluster.isMaster) {
|
|||
if (err.code == "ENOENT") {
|
||||
callServerError(404);
|
||||
serverconsole.errmessage("Resource not found.");
|
||||
} else if (err.code == "ENOTDIR") {
|
||||
callServerError(404);
|
||||
serverconsole.errmessage("Resource not found.");
|
||||
} else if (err.code == "EACCES") {
|
||||
callServerError(403);
|
||||
serverconsole.errmessage("Access denied.");
|
||||
|
|
@ -3711,6 +3729,9 @@ if (!cluster.isMaster) {
|
|||
if (ex.code == "ENOENT") {
|
||||
callServerError(404);
|
||||
serverconsole.errmessage("Resource not found.");
|
||||
} else if (ex.code == "ENOTDIR") {
|
||||
callServerError(404);
|
||||
serverconsole.errmessage("Resource not found.");
|
||||
} else if (ex.code == "EACCES") {
|
||||
callServerError(403);
|
||||
serverconsole.errmessage("Access denied.");
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>SVR.JS 3.4.17 Tests</title>
|
||||
<title>SVR.JS 3.4.18 Tests</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<meta charset="UTF-8" />
|
||||
<style>
|
||||
|
|
@ -12,7 +12,7 @@
|
|||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>SVR.JS 3.4.17 Tests</h1>
|
||||
<h1>SVR.JS 3.4.18 Tests</h1>
|
||||
<h2>Directory</h2>
|
||||
<iframe src="/testdir" width="50%" height="300px"></iframe>
|
||||
<h2>Directory (with query)</h2>
|
||||
|
|
|
|||
Reference in a new issue