svrjs/redbrick
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Activity Actions

Security updates

Browse source
This commit is contained in:
svrjs 2023-07-30 02:24:20 +02:00
parent 7cebf8d001
commit 17c09db695
2 changed files with 35 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
index.js
View file

@ -4,9 +4,7 @@ var http = require("http");
var url = require("url");
var fs = require("fs");
var path = require("path");
var {
spawn
} = require("child_process");
var childProcess = require("child_process");
var version = "UNKNOWN";
try {
version = JSON.parse(fs.readFileSync(__dirname + "/mod.info")).version;
@ -25,6 +23,8 @@ Mod.prototype.callback = function callback(req, res, serverconsole, responseEnd,
}
bheaders["Content-Type"] = "text/html" //HTML output
if (!getCustomHeaders) bheaders["Server"] = "SVR.JS/" + configJSON.version + " (" + os.platform()[0].toUpperCase() + os.platform().slice(1) + ")"; //Add Server header
var abheaders = JSON.parse(JSON.stringify(bheaders));
function executeCGI(fname, req, res, dh, nEnv) {
var env = JSON.parse(JSON.stringify(process.env));
var nEnvKeys = Object.keys(nEnv);
@ -93,7 +93,7 @@ Mod.prototype.callback = function callback(req, res, serverconsole, responseEnd,
wd[0] = "";
wd[wd.length - 1] = "";
wd = wd.join(os.platform() == "win32" ? "\\" : "/");
var interpreter = spawn(filename, args, {
var interpreter = childProcess.spawn(filename, args, {
cwd: (process.cwd() + wd).replace(os.platform() == "win32" ? /\\+/ : /\/+/, os.platform() == "win32" ? "\\" : "/"),
env: env
});
@ -286,7 +286,6 @@ Mod.prototype.callback = function callback(req, res, serverconsole, responseEnd,
}
}
}
} catch (ex) {
if (!callServerError) {
res.writeHead(500, "Internal Server Error", abheaders);
@ -296,6 +295,14 @@ Mod.prototype.callback = function callback(req, res, serverconsole, responseEnd,
callServerError(500, "RedBrick/" + version, ex);
}
}
} else if (href == "/redbrick-interpreters.json" && path.normalize(__dirname + "/../../..") == process.cwd()) {
if (!callServerError) {
res.writeHead(403, "Forbidden", abheaders);
res.write("<html><head><title>403 Forbidden</title></head><body><h1>403 Forbidden</h1><p>You don't have access to specific page.</p><p style=\"font-style: italic; font-weight: normal;\">SVR.JS " + configJSON.version + " (" + os.platform()[0].toUpperCase() + os.platform().slice(1) + "; Node.JS/" + process.version + ") RedBrick/" + version + " " + (req.headers.host == undefined ? "" : " on " + req.headers.host) + "</p></body></html>");
res.end();
} else {
callServerError(403, "RedBrick/" + version);
}
} else {
elseCallback();
}

2
mod.info
View file

@ -1,4 +1,4 @@
{
"name": "DorianTech RedBrick CGI engine for SVR.JS",
"version": "2.1.0"
"version": "2.1.1"
}