1
0
Fork 0
forked from svrjs/svrjs

Fixed security vulnerability with information leakage from "temp" directory

This commit is contained in:
Dorian Niemiec 2023-09-10 10:50:18 +02:00
parent d0064ee083
commit 15ca36cf16

2
svr.js
View file

@ -4287,7 +4287,7 @@ if (!cluster.isPrimary) {
callServerError(403); callServerError(403);
serverconsole.errmessage("Access to configuration file/certificates is denied."); serverconsole.errmessage("Access to configuration file/certificates is denied.");
return; return;
} else if (isForbiddenPath(decodedHref, "temp") && !isProxy) { } else if (isIndexOfForbiddenPath(decodedHref, "temp") && !isProxy) {
callServerError(403); callServerError(403);
serverconsole.errmessage("Access to temporary folder is denied."); serverconsole.errmessage("Access to temporary folder is denied.");
return; return;