forked from svrjs/svrjs
Update to SVR.JS 3.4.34
This commit is contained in:
parent
9bd93966e4
commit
67770b224b
5 changed files with 22 additions and 21 deletions
|
|
@ -14,7 +14,7 @@
|
|||
"enableDirectoryListingWithDefaultHead": false,
|
||||
"serverAdministratorEmail": "[no contact information]",
|
||||
"stackHidden": false,
|
||||
"enableRemoteLogBrowsing": true,
|
||||
"enableRemoteLogBrowsing": false,
|
||||
"exposeServerVersion": true,
|
||||
"disableServerSideScriptExpose": true,
|
||||
"rewriteMap": [
|
||||
|
|
@ -96,4 +96,4 @@
|
|||
"sni": {},
|
||||
"disableNonEncryptedServer": false,
|
||||
"disableToHTTPSRedirect": false
|
||||
}
|
||||
}
|
||||
|
|
|
|||
12
index.html
12
index.html
|
|
@ -1,7 +1,7 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>SVR.JS 3.4.32</title>
|
||||
<title>SVR.JS 3.4.34</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<meta charset="UTF-8" />
|
||||
<style>
|
||||
|
|
@ -12,7 +12,7 @@
|
|||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Welcome to SVR.JS 3.4.32</h1>
|
||||
<h1>Welcome to SVR.JS 3.4.34</h1>
|
||||
<br/>
|
||||
<img src="/logo.png" style="width: 256px;" />
|
||||
<br/>
|
||||
|
|
@ -36,7 +36,7 @@
|
|||
"enableDirectoryListingWithDefaultHead": false,<br/>
|
||||
"serverAdministratorEmail": "[no contact information]",<br/>
|
||||
"stackHidden": false,<br/>
|
||||
"enableRemoteLogBrowsing": true,<br/>
|
||||
"enableRemoteLogBrowsing": false,<br/>
|
||||
"exposeServerVersion": true,<br/>
|
||||
"disableServerSideScriptExpose": false,<br/>
|
||||
"rewriteMap": [<br/>
|
||||
|
|
@ -119,10 +119,8 @@
|
|||
</div>
|
||||
<p>Changes:</p>
|
||||
<ul>
|
||||
<li>Added "svrmodpack" deprecation warning.</li>
|
||||
<li>Removed unmaintained primitive analytics mod.</li>
|
||||
<li>Removed unmaintained and undocumented hexstrbase64 library.</li>
|
||||
<li>Added TypeError workaround for Bun 1.0.0</li>
|
||||
<li>Changed enableRemoteLogBrowsing property to be false by default.</li>
|
||||
<li>Mitigated security vulnerability: Sensitive data is no longer leaked from temp directory inside SVR.JS installation directory.</li>
|
||||
</ul>
|
||||
<p>Bugs:</p>
|
||||
<ul>
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>SVR.JS 3.4.32 Licenses</title>
|
||||
<title>SVR.JS 3.4.34 Licenses</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<meta charset="UTF-8" />
|
||||
<style>
|
||||
|
|
@ -12,8 +12,8 @@
|
|||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>SVR.JS 3.4.32 Licenses</h1>
|
||||
<h2>SVR.JS 3.4.32</h2>
|
||||
<h1>SVR.JS 3.4.34 Licenses</h1>
|
||||
<h2>SVR.JS 3.4.34</h2>
|
||||
<div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;">
|
||||
MIT License<br/>
|
||||
<br/>
|
||||
|
|
@ -37,7 +37,7 @@
|
|||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/>
|
||||
SOFTWARE.<br/>
|
||||
</div>
|
||||
<h2>Packages used by SVR.JS 3.4.32 and utilities</h2>
|
||||
<h2>Packages used by SVR.JS 3.4.34 and utilities</h2>
|
||||
<div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;">
|
||||
<div style="float: right;">License: MIT</div>
|
||||
<div style="font-size: 20px;">
|
||||
|
|
|
|||
15
svr.js
15
svr.js
|
|
@ -71,7 +71,7 @@ function deleteFolderRecursive(path) {
|
|||
}
|
||||
|
||||
var os = require("os");
|
||||
var version = "3.4.32";
|
||||
var version = "3.4.34";
|
||||
var singlethreaded = false;
|
||||
|
||||
if (process.versions) process.versions.svrjs = version; //Inject SVR.JS into process.versions
|
||||
|
|
@ -1561,11 +1561,10 @@ if (secure) {
|
|||
forbiddenPaths.svrjs = getInitializePath("./" + ((__dirname[__dirname.length - 1] != "/") ? __filename.replace(__dirname + "/", "") : __filename.replace(__dirname, "")));
|
||||
forbiddenPaths.serverSideScripts = [];
|
||||
forbiddenPaths.serverSideScripts.push("/serverSideScript.js");
|
||||
forbiddenPaths.serverSideScripts.push(getInitializePath("./temp/serverSideScript.js"));
|
||||
forbiddenPaths.serverSideScriptDirectories = [];
|
||||
forbiddenPaths.serverSideScriptDirectories.push(getInitializePath("./temp/modloader"));
|
||||
forbiddenPaths.serverSideScriptDirectories.push(getInitializePath("./node_modules"));
|
||||
forbiddenPaths.serverSideScriptDirectories.push(getInitializePath("./mods"));
|
||||
forbiddenPaths.temp = getInitializePath("./temp");
|
||||
forbiddenPaths.log = getInitializePath("./log");
|
||||
|
||||
//Create server
|
||||
|
|
@ -3981,11 +3980,15 @@ if (!cluster.isPrimary) {
|
|||
callServerError(403);
|
||||
serverconsole.errmessage("Access to configuration file/certificates is denied.");
|
||||
return;
|
||||
} else if (checkIfIndexOfForbiddenPath(decodedHref, "log") && !isProxy && (configJSON.enableLogging || configJSON.enableLogging == undefined) && !(configJSON.enableRemoteLogBrowsing || configJSON.enableRemoteLogBrowsing == undefined)) {
|
||||
} else if (checkIfIndexOfForbiddenPath(decodedHref, "temp") && !isProxy) {
|
||||
callServerError(403);
|
||||
serverconsole.errmessage("Access to temporary folder is denied.");
|
||||
return;
|
||||
} else if (checkIfIndexOfForbiddenPath(decodedHref, "log") && !isProxy && (configJSON.enableLogging || configJSON.enableLogging == undefined) && configJSON.enableRemoteLogBrowsing) {
|
||||
callServerError(403);
|
||||
serverconsole.errmessage("Access to log files is denied.");
|
||||
return;
|
||||
} else if (checkIfForbiddenPath(decodedHref, "svrjs") && !isProxy && !exposeServerVersion && process.cwd() == __dirname) {
|
||||
} else if (checkIfForbiddenPath(decodedHref, "svrjs") && !isProxy && !exposeServerVersion) {
|
||||
callServerError(403);
|
||||
serverconsole.errmessage("Access to SVR.JS script is denied.");
|
||||
return;
|
||||
|
|
@ -4793,7 +4796,7 @@ function saveConfig() {
|
|||
if (configJSONobj.enableDirectoryListingWithDefaultHead === undefined) configJSONobj.enableDirectoryListingWithDefaultHead = false;
|
||||
if (configJSONobj.serverAdministratorEmail === undefined) configJSONobj.serverAdministratorEmail = "[no contact information]";
|
||||
if (configJSONobj.stackHidden === undefined) configJSONobj.stackHidden = false;
|
||||
if (configJSONobj.enableRemoteLogBrowsing === undefined) configJSONobj.enableRemoteLogBrowsing = true;
|
||||
if (configJSONobj.enableRemoteLogBrowsing === undefined) configJSONobj.enableRemoteLogBrowsing = false;
|
||||
if (configJSONobj.exposeServerVersion === undefined) configJSONobj.exposeServerVersion = true;
|
||||
if (configJSONobj.disableServerSideScriptExpose === undefined) configJSONobj.disableServerSideScriptExpose = true;
|
||||
if (configJSONobj.allowStatus === undefined) configJSONobj.allowStatus = true;
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>SVR.JS 3.4.32 Tests</title>
|
||||
<title>SVR.JS 3.4.34 Tests</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<meta charset="UTF-8" />
|
||||
<style>
|
||||
|
|
@ -12,7 +12,7 @@
|
|||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>SVR.JS 3.4.32 Tests</h1>
|
||||
<h1>SVR.JS 3.4.34 Tests</h1>
|
||||
<h2>Directory</h2>
|
||||
<iframe src="/testdir" width="50%" height="300px"></iframe>
|
||||
<h2>Directory (with query)</h2>
|
||||
|
|
|
|||
Reference in a new issue