DorianNiemiecSVRJS/svrjs
Archived
1
0
Fork 0
forked from svrjs/svrjs
Code Pull requests Activity

Disable server-side script exposure by default.

Browse source
This commit is contained in:
Dorian Niemiec 2023-09-02 09:01:25 +02:00
parent 03b54f94d4
commit a7185d6c94
4 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
config.json
View file

@ -3,7 +3,7 @@
"port": 80, "port": 80,
"pubport": 80, "pubport": 80,
"page404": "404.html", "page404": "404.html",
"timestamp": 1693523365373, "timestamp": 1693637517717,
"blacklist": [], "blacklist": [],
"nonStandardCodes": [], "nonStandardCodes": [],
"enableCompression": true, "enableCompression": true,
@ -16,7 +16,7 @@
"stackHidden": false, "stackHidden": false,
"enableRemoteLogBrowsing": true, "enableRemoteLogBrowsing": true,
"exposeServerVersion": true, "exposeServerVersion": true,
"disableServerSideScriptExpose": false, "disableServerSideScriptExpose": true,
"rewriteMap": [ "rewriteMap": [
{ {
"definingRegex": "/\\/invoke500\\/\\?/", "definingRegex": "/\\/invoke500\\/\\?/",

2
index.html
View file

@ -42,7 +42,7 @@
&nbsp;&nbsp;"stackHidden": false,<br/> &nbsp;&nbsp;"stackHidden": false,<br/>
&nbsp;&nbsp;"enableRemoteLogBrowsing": true,<br/> &nbsp;&nbsp;"enableRemoteLogBrowsing": true,<br/>
&nbsp;&nbsp;"exposeServerVersion": true,<br/> &nbsp;&nbsp;"exposeServerVersion": true,<br/>
&nbsp;&nbsp;"disableServerSideScriptExpose": false,<br/> &nbsp;&nbsp;"disableServerSideScriptExpose": true,<br/>
&nbsp;&nbsp;"rewriteMap": [<br/> &nbsp;&nbsp;"rewriteMap": [<br/>
&nbsp;&nbsp;&nbsp;&nbsp;{<br/> &nbsp;&nbsp;&nbsp;&nbsp;{<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"definingRegex": "/\\/invoke500\\/\\?/",<br/> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"definingRegex": "/\\/invoke500\\/\\?/",<br/>

4
svr.js
View file

@ -4643,7 +4643,7 @@ if (!cluster.isPrimary) {
callServerError(403); callServerError(403);
serverconsole.errmessage("Access to SVR.JS script is denied."); serverconsole.errmessage("Access to SVR.JS script is denied.");
return; return;
} else if ((isForbiddenPath(decodedHref, "svrjs") || isForbiddenPath(decodedHref, "serverSideScripts") || isIndexOfForbiddenPath(decodedHref, "serverSideScriptDirectories")) && !isProxy && (configJSON.disableServerSideScriptExpose && configJSON.disableServerSideScriptExpose != undefined)) { } else if ((isForbiddenPath(decodedHref, "svrjs") || isForbiddenPath(decodedHref, "serverSideScripts") || isIndexOfForbiddenPath(decodedHref, "serverSideScriptDirectories")) && !isProxy && (configJSON.disableServerSideScriptExpose || configJSON.disableServerSideScriptExpose === undefined)) {
callServerError(403); callServerError(403);
serverconsole.errmessage("Access to sources is denied."); serverconsole.errmessage("Access to sources is denied.");
return; return;
@ -5789,7 +5789,7 @@ function saveConfig() {
if (configJSONobj.stackHidden === undefined) configJSONobj.stackHidden = false; if (configJSONobj.stackHidden === undefined) configJSONobj.stackHidden = false;
if (configJSONobj.enableRemoteLogBrowsing === undefined) configJSONobj.enableRemoteLogBrowsing = true; if (configJSONobj.enableRemoteLogBrowsing === undefined) configJSONobj.enableRemoteLogBrowsing = true;
if (configJSONobj.exposeServerVersion === undefined) configJSONobj.exposeServerVersion = true; if (configJSONobj.exposeServerVersion === undefined) configJSONobj.exposeServerVersion = true;
if (configJSONobj.disableServerSideScriptExpose === undefined) configJSONobj.disableServerSideScriptExpose = false; if (configJSONobj.disableServerSideScriptExpose === undefined) configJSONobj.disableServerSideScriptExpose = true;
if (configJSONobj.allowStatus === undefined) configJSONobj.allowStatus = true; if (configJSONobj.allowStatus === undefined) configJSONobj.allowStatus = true;
if (configJSONobj.rewriteMap === undefined) configJSONobj.rewriteMap = []; if (configJSONobj.rewriteMap === undefined) configJSONobj.rewriteMap = [];
if (configJSONobj.dontCompress === undefined) configJSONobj.dontCompress = []; if (configJSONobj.dontCompress === undefined) configJSONobj.dontCompress = [];

2
views.txt
View file

@ -1 +1 @@
33 35