DorianNiemiecSVRJS/svrjs
Archived
1
0
Fork 0
forked from svrjs/svrjs
Code Pull requests Activity

Mitigated log file injection for HTTP authentication

Browse source
This commit is contained in:
Dorian Niemiec 2024-01-14 08:41:11 +01:00
parent 55dfa0ad1e
commit e11dd8d5b5
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
svr.js
View file

@ -22,11 +22,11 @@ if (typeof require === "undefined") {
} else { } else {
if (typeof alert !== "undefined" && typeof document !== "undefined") { if (typeof alert !== "undefined" && typeof document !== "undefined") {
// If it runs on web browser, display an alert. // If it runs on web browser, display an alert.
alert("SVR.JS doesn't work on web browser. SVR.JS requires use of Node.JS (or compatible JS runtime)."); alert("SVR.JS doesn't work on a web browser. SVR.JS requires use of Node.JS (or compatible JS runtime).");
} }
// If it's not, throw an error. // If it's not, throw an error.
if (typeof document !== "undefined") { if (typeof document !== "undefined") {
throw new Error("SVR.JS doesn't work on web browser. SVR.JS requires use of Node.JS (or compatible JS runtime)."); throw new Error("SVR.JS doesn't work on a web browser. SVR.JS requires use of Node.JS (or compatible JS runtime).");
} else { } else {
throw new Error("SVR.JS doesn't work on Deno/QuickJS. SVR.JS requires use of Node.JS (or compatible JS runtime)."); throw new Error("SVR.JS doesn't work on Deno/QuickJS. SVR.JS requires use of Node.JS (or compatible JS runtime).");
} }
@ -4524,7 +4524,7 @@ if (!cluster.isPrimary) {
} }
} }
callServerError(401, undefined, undefined, ha); callServerError(401, undefined, undefined, ha);
serverconsole.errmessage("User \"" + username + "\" failed to log in."); serverconsole.errmessage("User \"" + String(username).replace(/[\r\n]/g, "") + "\" failed to log in.");
} else { } else {
if (bruteProtection) { if (bruteProtection) {
if (process.send) { if (process.send) {
@ -4535,7 +4535,7 @@ if (!cluster.isPrimary) {
}; };
} }
} }
serverconsole.reqmessage("Client is logged in as \"" + username + "\""); serverconsole.reqmessage("Client is logged in as \"" + String(username).replace(/[\r\n]/g, "") + "\".");
redirectTrailingSlashes(function () { redirectTrailingSlashes(function () {
modExecute(mods, vres(req, res, serverconsole, responseEnd, href, ext, uobject, search, "index.html", users, page404, head, foot, "", callServerError, getCustomHeaders, origHref, redirect, parsePostData)); modExecute(mods, vres(req, res, serverconsole, responseEnd, href, ext, uobject, search, "index.html", users, page404, head, foot, "", callServerError, getCustomHeaders, origHref, redirect, parsePostData));
}); });