From 15ca36cf161dab6ec9402a1b99c3216291ce2058 Mon Sep 17 00:00:00 2001
From: Dorian Niemiec <dorian.niemiec@svrjs.org>
Date: Sun, 10 Sep 2023 10:50:18 +0200
Subject: [PATCH] Fixed security vulnerability with information leakage from
 "temp" directory

---
 svr.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/svr.js b/svr.js
index 01fed57..21cdd71 100644
--- a/svr.js
+++ b/svr.js
@@ -4287,7 +4287,7 @@ if (!cluster.isPrimary) {
         callServerError(403);
         serverconsole.errmessage("Access to configuration file/certificates is denied.");
         return;
-      } else if (isForbiddenPath(decodedHref, "temp") && !isProxy) {
+      } else if (isIndexOfForbiddenPath(decodedHref, "temp") && !isProxy) {
         callServerError(403);
         serverconsole.errmessage("Access to temporary folder is denied.");
         return;