1
0
Fork 0
forked from svrjs/svrjs

Update to SVR.JS 3.9.3

This commit is contained in:
Dorian Niemiec 2023-09-07 18:07:30 +02:00
parent 9406ffda5f
commit 7587932250
4 changed files with 22 additions and 12 deletions

View file

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<title>SVR.JS 3.9.2</title> <title>SVR.JS 3.9.3</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<style> <style>
@ -12,7 +12,7 @@
</style> </style>
</head> </head>
<body> <body>
<h1>Welcome to SVR.JS 3.9.2</h1> <h1>Welcome to SVR.JS 3.9.3</h1>
<br/> <br/>
<img src="/logo.png" style="width: 256px;" /> <img src="/logo.png" style="width: 256px;" />
<br/> <br/>
@ -117,7 +117,7 @@
</div> </div>
<p>Changes:</p> <p>Changes:</p>
<ul> <ul>
<li>Mitigated security vulnerability: SVR.JS mods and server-side JavaScript using req.url are no longer vulnerable to path traversal (not including query strings).</li> <li>Mitigated security vulnerability: SVR.JS mods and server-side JavaScript not using href or uobject.pathname in some path checks are no longer vulnerable to access control bypass (from SVR.JS configuration).</li>
</ul> </ul>
<p>Bugs:</p> <p>Bugs:</p>
<ul> <ul>

View file

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<title>SVR.JS 3.9.2 Licenses</title> <title>SVR.JS 3.9.3 Licenses</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<style> <style>
@ -12,8 +12,8 @@
</style> </style>
</head> </head>
<body> <body>
<h1>SVR.JS 3.9.2 Licenses</h1> <h1>SVR.JS 3.9.3 Licenses</h1>
<h2>SVR.JS 3.9.2</h2> <h2>SVR.JS 3.9.3</h2>
<div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;"> <div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;">
MIT License<br/> MIT License<br/>
<br/> <br/>
@ -37,7 +37,7 @@
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/> OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/>
SOFTWARE.<br/> SOFTWARE.<br/>
</div> </div>
<h2>Packages used by SVR.JS 3.9.2 and utilities</h2> <h2>Packages used by SVR.JS 3.9.3 and utilities</h2>
<div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;"> <div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;">
<div style="float: right;">License: MIT</div> <div style="float: right;">License: MIT</div>
<div style="font-size: 20px;"> <div style="font-size: 20px;">

16
svr.js
View file

@ -81,7 +81,7 @@ function deleteFolderRecursive(path) {
} }
var os = require("os"); var os = require("os");
var version = "3.9.2"; var version = "3.9.3";
var singlethreaded = false; var singlethreaded = false;
if (process.versions) process.versions.svrjs = version; // Inject SVR.JS into process.versions if (process.versions) process.versions.svrjs = version; // Inject SVR.JS into process.versions
@ -3274,9 +3274,19 @@ if (!cluster.isPrimary) {
function modExecute(mods, ffinals) { function modExecute(mods, ffinals) {
// Prepare modFunction // Prepare modFunction
var modFunction = ffinals; var modFunction = ffinals;
for (var i = mods.length - 1; i >= 0; i--) { var useMods = mods;
modFunction = mods[i].callback(req, res, serverconsole, responseEnd, href, ext, uobject, search, "index.html", users, page404, head, foot, fd, modFunction, configJSON, callServerError, getCustomHeaders, origHref, redirect, parsePostData);
if(isProxy) {
// Get list of forward proxy mods
useMods = [];
mods.forEach(function (mod) {
if (mod.proxyCallback !== undefined) useMods.push(mod);
});
} }
useMods.reverse().forEach(function (modO) {
modFunction = modO.callback(req, res, serverconsole, responseEnd, href, ext, uobject, search, "index.html", users, page404, head, foot, fd, modFunction, configJSON, callServerError, getCustomHeaders, origHref, redirect, parsePostData);
});
// Execute modfunction // Execute modfunction
modFunction(); modFunction();

View file

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<title>SVR.JS 3.9.2 Tests</title> <title>SVR.JS 3.9.3 Tests</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<style> <style>
@ -12,7 +12,7 @@
</style> </style>
</head> </head>
<body> <body>
<h1>SVR.JS 3.9.2 Tests</h1> <h1>SVR.JS 3.9.3 Tests</h1>
<h2>Directory</h2> <h2>Directory</h2>
<iframe src="/testdir" width="50%" height="300px"></iframe> <iframe src="/testdir" width="50%" height="300px"></iframe>
<h2>Directory (with query)</h2> <h2>Directory (with query)</h2>