svrjs/redbrick
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Activity Actions

Prevent source code viewing by "CGI-BIN" instead of "cgi-bin" in Windows

Browse source
This commit is contained in:
Dorian Niemiec 2023-08-14 18:16:53 +02:00
parent 65061c090b
commit b584fa637c
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
index.js
View file

@ -286,7 +286,7 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e
executeCGI("." + a, req, res, dh, nEnv);
}
if (href.indexOf("/cgi-bin") == 0) {
if (href.match(new RegExp("/cgi-bin(?:$|[?#/])", os.platform() == "win32" ? "i" : ""))) {
fs.stat("." + href, function (err, stats) {
if (!err) {
if (!stats.isFile()) {
@ -505,7 +505,7 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e
}
}
});
} else if (href == "/redbrick-interpreters.json" && path.normalize(__dirname + "/../../..") == process.cwd()) {
} else if ((href == "/redbrick-interpreters.json" || (os.platform() == "win32" && href.toLowerCase() == "/redbrick-interpreters.json")) && path.normalize(__dirname + "/../../..") == process.cwd()) {
if (!callServerError) {
res.writeHead(200, "OK", {
"Content-Type": "application/json",

2
mod.info
View file

@ -1,4 +1,4 @@
{
"name": "DorianTech RedBrick CGI engine for SVR.JS",
"version": "2.3.2"
"version": "2.3.3"
}