forked from svrjs/svrjs
Fixed security vulnerability with information leakage from "temp" directory
This commit is contained in:
parent
d0064ee083
commit
15ca36cf16
1 changed files with 1 additions and 1 deletions
2
svr.js
2
svr.js
|
@ -4287,7 +4287,7 @@ if (!cluster.isPrimary) {
|
||||||
callServerError(403);
|
callServerError(403);
|
||||||
serverconsole.errmessage("Access to configuration file/certificates is denied.");
|
serverconsole.errmessage("Access to configuration file/certificates is denied.");
|
||||||
return;
|
return;
|
||||||
} else if (isForbiddenPath(decodedHref, "temp") && !isProxy) {
|
} else if (isIndexOfForbiddenPath(decodedHref, "temp") && !isProxy) {
|
||||||
callServerError(403);
|
callServerError(403);
|
||||||
serverconsole.errmessage("Access to temporary folder is denied.");
|
serverconsole.errmessage("Access to temporary folder is denied.");
|
||||||
return;
|
return;
|
||||||
|
|
Reference in a new issue