forked from svrjs/svrjs
Mitigated security vulnerability: SVR.JS mods and server-side JavaScript using req.url could be vulnerable to path traversal.
This commit is contained in:
parent
dc23125ce4
commit
08816fe4f3
3 changed files with 13 additions and 5 deletions
1
404.html
1
404.html
|
@ -1 +0,0 @@
|
|||
{path}
|
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"users": [],
|
||||
"port": 80,
|
||||
"port": 5555,
|
||||
"pubport": 80,
|
||||
"page404": "404.html",
|
||||
"timestamp": 1693865100955,
|
||||
"timestamp": 1694020816055,
|
||||
"blacklist": [],
|
||||
"nonStandardCodes": [],
|
||||
"enableCompression": true,
|
||||
|
|
9
svr.js
9
svr.js
|
@ -4043,6 +4043,7 @@ if (!cluster.isPrimary) {
|
|||
|
||||
// Sanitize URL
|
||||
var sanitizedHref = sanitizeURL(href);
|
||||
var preparedReqUrl = uobject.pathname + (uobject.search ? uobject.search : "") + (uobject.hash ? uobject.hash : "");
|
||||
|
||||
// Check if URL is "dirty"
|
||||
if (href != sanitizedHref && !isProxy) {
|
||||
|
@ -4076,6 +4077,14 @@ if (!cluster.isPrimary) {
|
|||
redirect(sanitizedURL, false);
|
||||
return;
|
||||
}
|
||||
} else if(req.url != preparedReqUrl && !isProxy) {
|
||||
serverconsole.resmessage("URL sanitized: " + req.url + " => " + preparedReqUrl);
|
||||
if(rewriteDirtyURLs) {
|
||||
req.url = preparedReqUrl;
|
||||
} else {
|
||||
redirect(preparedReqUrl, false);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// Handle redirects to HTTPS
|
||||
|
|
Reference in a new issue