diff --git a/config.json b/config.json
index c370392..674dacd 100644
--- a/config.json
+++ b/config.json
@@ -3,7 +3,7 @@
"port": 80,
"pubport": 80,
"page404": "404.html",
- "timestamp": 1694196507492,
+ "timestamp": 1694212357224,
"blacklist": [],
"nonStandardCodes": [],
"enableCompression": true,
@@ -14,7 +14,7 @@
"enableDirectoryListingWithDefaultHead": false,
"serverAdministratorEmail": "[no contact information]",
"stackHidden": false,
- "enableRemoteLogBrowsing": true,
+ "enableRemoteLogBrowsing": false,
"exposeServerVersion": true,
"disableServerSideScriptExpose": true,
"rewriteMap": [
@@ -102,4 +102,4 @@
"errorPages": [],
"useWebRootServerSideScript": true,
"exposeModsInErrorPages": true
-}
\ No newline at end of file
+}
diff --git a/index.html b/index.html
index 9b1060d..246489c 100644
--- a/index.html
+++ b/index.html
@@ -40,7 +40,7 @@
"enableDirectoryListingWithDefaultHead": false,
"serverAdministratorEmail": "[no contact information]",
"stackHidden": false,
- "enableRemoteLogBrowsing": true,
+ "enableRemoteLogBrowsing": false,
"exposeServerVersion": true,
"disableServerSideScriptExpose": true,
"rewriteMap": [
diff --git a/svr.js b/svr.js
index 767159e..1433be5 100644
--- a/svr.js
+++ b/svr.js
@@ -1793,11 +1793,10 @@ if (useWebRootServerSideScript) {
} else {
forbiddenPaths.serverSideScripts.push(getInitializePath("./serverSideScript.js"));
}
-forbiddenPaths.serverSideScripts.push(getInitializePath("./temp/serverSideScript.js"));
forbiddenPaths.serverSideScriptDirectories = [];
-forbiddenPaths.serverSideScriptDirectories.push(getInitializePath("./temp/modloader"));
forbiddenPaths.serverSideScriptDirectories.push(getInitializePath("./node_modules"));
forbiddenPaths.serverSideScriptDirectories.push(getInitializePath("./mods"));
+forbiddenPaths.temp = getInitializePath("./temp");
forbiddenPaths.log = getInitializePath("./log");
// Create server
@@ -4283,7 +4282,11 @@ if (!cluster.isPrimary) {
callServerError(403);
serverconsole.errmessage("Access to configuration file/certificates is denied.");
return;
- } else if (isIndexOfForbiddenPath(decodedHref, "log") && !isProxy && (configJSON.enableLogging || configJSON.enableLogging == undefined) && !(configJSON.enableRemoteLogBrowsing || configJSON.enableRemoteLogBrowsing == undefined)) {
+ } else if (isForbiddenPath(decodedHref, "temp") && !isProxy) {
+ callServerError(403);
+ serverconsole.errmessage("Access to temporary folder is denied.");
+ return;
+ } else if (isIndexOfForbiddenPath(decodedHref, "log") && !isProxy && (configJSON.enableLogging || configJSON.enableLogging == undefined) && !configJSON.enableRemoteLogBrowsing) {
callServerError(403);
serverconsole.errmessage("Access to log files is denied.");
return;
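Review bot: The new temp branch calls `isForbiddenPath(decodedHref, "temp")`, while the log branch directly below it uses `isIndexOfForbiddenPath`. Neither helper is defined in this hunk, but if `isForbiddenPath` matches only the exact path, a request for a file inside ./temp would pass this check. The earlier svr.js hunk has already removed the explicit entries for `./temp/serverSideScript.js` and `./temp/modloader`, so those paths would lose the protection they had before. If that is how the helper behaves, the condition should read `} else if (isIndexOfForbiddenPath(decodedHref, "temp") && !isProxy) {`. The enclosing if/else chain begins and ends outside the hunk.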
@@ -5498,7 +5501,7 @@ function saveConfig() {
if (configJSONobj.enableDirectoryListingWithDefaultHead === undefined) configJSONobj.enableDirectoryListingWithDefaultHead = false;
if (configJSONobj.serverAdministratorEmail === undefined) configJSONobj.serverAdministratorEmail = "[no contact information]";
if (configJSONobj.stackHidden === undefined) configJSONobj.stackHidden = false;
- if (configJSONobj.enableRemoteLogBrowsing === undefined) configJSONobj.enableRemoteLogBrowsing = true;
+ if (configJSONobj.enableRemoteLogBrowsing === undefined) configJSONobj.enableRemoteLogBrowsing = false;
if (configJSONobj.exposeServerVersion === undefined) configJSONobj.exposeServerVersion = true;
if (configJSONobj.disableServerSideScriptExpose === undefined) configJSONobj.disableServerSideScriptExpose = true;
if (configJSONobj.allowStatus === undefined) configJSONobj.allowStatus = true;
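Review bot: The new fallback `configJSONobj.enableRemoteLogBrowsing = false` only takes effect when the key is absent, so it does not reach installations that already have the key on disk. saveConfig serialises the filled-in object back to config.json (the `JSON.stringify` / `fs.writeFileSync` lines in the next hunk), so a config saved under the old default presumably holds an explicit `true` and keeps remote log browsing enabled after upgrading. I would add a comment on this line, `// Default is now false; a config.json saved by an earlier version keeps its explicit true until edited`, and mention the manual step in the release notes. saveConfig's body starts and ends outside this hunk.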
@@ -5514,7 +5517,7 @@ function saveConfig() {
if (configJSONobj.errorPages === undefined) configJSONobj.errorPages = [];
if (configJSONobj.useWebRootServerSideScript === undefined) configJSONobj.useWebRootServerSideScript = true;
if (configJSONobj.exposeModsInErrorPages === undefined) configJSONobj.exposeModsInErrorPages = true;
-
+
var configString = JSON.stringify(configJSONobj, null, 2);
fs.writeFileSync(__dirname + "/config.json", configString);
break;