
Optimized some regular expressions

Dorian Niemiec 2024-03-02 22:57:27 +01:00
parent 3a966d342a
commit 067d177321

11
svr.js

@ -1293,12 +1293,11 @@ if (process.isBun) vnum = 64;
// SVR.JS path sanitizer function // SVR.JS path sanitizer function
function sanitizeURL(resource, allowDoubleSlashes) { function sanitizeURL(resource, allowDoubleSlashes) {
if (resource == "*") return "*"; if (resource == "*" || resource == "") return resource;
if (resource == "") return "";
// Remove null characters // Remove null characters
resource = resource.replace(/%00/ig, "").replace(/\0/g, ""); resource = resource.replace(/%00|\0/g, "");
// Check if URL is malformed (e.g. %c0%af or %u002f or simply %as) // Check if URL is malformed (e.g. %c0%af or %u002f or simply %as)
if (resource.match(/%(?:c[01]|f[ef]|(?![0-9a-f]{2}).{2}|.{0,1}$)/gi)) throw new URIError("URI malformed"); if (resource.match(/%(?:c[01]|f[ef]|(?![0-9a-f]{2}).{2}|.{0,1}$)/i)) throw new URIError("URI malformed");
// Decode URL-encoded characters while preserving certain characters // Decode URL-encoded characters while preserving certain characters
resource = resource.replace(/%([0-9a-f]{2})/gi, function (match, hex) { resource = resource.replace(/%([0-9a-f]{2})/gi, function (match, hex) {
var decodedChar = String.fromCharCode(parseInt(hex, 16)); var decodedChar = String.fromCharCode(parseInt(hex, 16));
@ -1316,7 +1315,7 @@ function sanitizeURL(resource, allowDoubleSlashes) {
sanitizedResource = sanitizedResource.replace(/\\/g, "/").replace(allowDoubleSlashes ? /\/{3,}/g : /\/+/g, "/"); sanitizedResource = sanitizedResource.replace(/\\/g, "/").replace(allowDoubleSlashes ? /\/{3,}/g : /\/+/g, "/");
// Handle relative navigation (e.g., "/./", "/../", "../", "./"), also remove trailing dots in paths // Handle relative navigation (e.g., "/./", "/../", "../", "./"), also remove trailing dots in paths
sanitizedResource = sanitizedResource.replace(/\/\.(?:\.{2,})?(?=\/|$)/g, "").replace(/([^.\/])\.+(?=\/|$)/g, "$1"); sanitizedResource = sanitizedResource.replace(/\/\.(?:\.{2,})?(?=\/|$)/g, "").replace(/([^.\/])\.+(?=\/|$)/g, "$1");
while (sanitizedResource.match(/\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/g)) { while (sanitizedResource.match(/\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/)) {
sanitizedResource = sanitizedResource.replace(/\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/g, ""); sanitizedResource = sanitizedResource.replace(/\/(?!\.\.\/)[^\/]+\/\.\.(?=\/|$)/g, "");
} }
sanitizedResource = sanitizedResource.replace(/\/\.\.(?=\/|$)/g, ""); sanitizedResource = sanitizedResource.replace(/\/\.\.(?=\/|$)/g, "");
@ -3776,7 +3775,7 @@ if (!cluster.isPrimary) {
} else if (estats.isSocket()) { } else if (estats.isSocket()) {
entry = entry.replace("[img]", "/.dirimages/socket.png").replace("[alt]", "[SCK]"); entry = entry.replace("[img]", "/.dirimages/socket.png").replace("[alt]", "[SCK]");
} }
} else if ((/README/ig).test(ename) || (/LICEN[SC]E/ig).test(ename)) { } else if (ename.match(/README|LICEN[SC]E/i)) {
entry = entry.replace("[img]", "/.dirimages/important.png").replace("[alt]", "[IMP]"); entry = entry.replace("[img]", "/.dirimages/important.png").replace("[alt]", "[IMP]");
} else if (checkEXT(ename, ".html") || checkEXT(ename, ".htm") || checkEXT(ename, ".xml") || checkEXT(ename, ".xhtml") || checkEXT(ename, ".shtml")) { } else if (checkEXT(ename, ".html") || checkEXT(ename, ".htm") || checkEXT(ename, ".xml") || checkEXT(ename, ".xhtml") || checkEXT(ename, ".shtml")) {
entry = entry.replace("[img]", "/.dirimages/html.png").replace("[alt]", (checkEXT(ename, ".xml") ? "[XML]" : "[HTM]")); entry = entry.replace("[img]", "/.dirimages/html.png").replace("[alt]", (checkEXT(ename, ".xml") ? "[XML]" : "[HTM]"));
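Review bot: In the first hunk, the merged `resource.replace(/%00|\0/g, "")` in sanitizeURL still strips in a single pass, so deleting one match can join the characters on either side of it into a fresh `%00`, which then passes the malformed-URI check and reaches the `%([0-9a-f]{2})` decode step. Whether the decode callback lets that through as a NUL character cannot be confirmed here, because its body continues outside the hunk. Rejecting the input instead of stripping it would close this: `if (/%00|\0/.test(resource)) throw new URIError("URI malformed");`. Separately, the merged guard `resource == "*" || resource == ""` now returns `resource` itself, so under loose equality a non-string such as `0` or `[]` comes back unchanged where the old code returned `""`; using `===` avoids that.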