From b584fa637ccffbf09bf9e8a40eb5e642c8457cd3 Mon Sep 17 00:00:00 2001
From: Dorian Niemiec
Date: Mon, 14 Aug 2023 18:16:53 +0200
Subject: [PATCH] Prevent source code viewing by "CGI-BIN" instead of "cgi-bin" in Windows
---
 index.js | 4 ++--
 mod.info | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/index.js b/index.js
index cba875f..d2c1105 100644
--- a/index.js
+++ b/index.js
@@ -286,7 +286,7 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e
 executeCGI("." + a, req, res, dh, nEnv);
 }
- if (href.indexOf("/cgi-bin") == 0) {
+ if (href.match(new RegExp("/cgi-bin(?:$|[?#/])", os.platform() == "win32" ? "i" : ""))) {
 fs.stat("." + href, function (err, stats) {
 if (!err) {
 if (!stats.isFile()) {
@@ -505,7 +505,7 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e
 }
 }
 });
- } else if (href == "/redbrick-interpreters.json" && path.normalize(__dirname + "/../../..") == process.cwd()) {
+ } else if ((href == "/redbrick-interpreters.json" || (os.platform() == "win32" && href.toLowerCase() == "/redbrick-interpreters.json")) && path.normalize(__dirname + "/../../..") == process.cwd()) {
 if (!callServerError) {
 res.writeHead(200, "OK", {
 "Content-Type": "application/json",
diff --git a/mod.info b/mod.info
index 360fd08..3737a6f 100755
--- a/mod.info
+++ b/mod.info
@@ -1,4 +1,4 @@
 {
 "name": "DorianTech RedBrick CGI engine for SVR.JS",
- "version": "2.3.2"
+ "version": "2.3.3"
 }
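Review bot: The new pattern `"/cgi-bin(?:$|[?#/])"` in the first index.js hunk has no `^` anchor, so unlike the removed `href.indexOf("/cgi-bin") == 0` test it matches a `/cgi-bin` segment anywhere in `href` and widens what reaches the CGI branch; if only the prefix is meant, use `new RegExp("^/cgi-bin(?:$|[?#/])", os.platform() == "win32" ? "i" : "")`. The case-insensitive flag is tied to `os.platform() == "win32"`, but default macOS volumes are also case-insensitive, so a differently cased path would presumably still miss this branch there. The same win32-only condition is used for the `/redbrick-interpreters.json` comparison in the second hunk. Please also confirm that `os` is required at the top of index.js, since neither the require nor the rest of the callback body is visible in this hunk.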
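Review bot: The condition added in the second index.js hunk spells the literal `"/redbrick-interpreters.json"` twice and repeats the platform test inline, which makes this guard hard to audit. Computing the comparison value once, e.g. `var hrefCmp = os.platform() == "win32" ? href.toLowerCase() : href;`, and then testing `hrefCmp == "/redbrick-interpreters.json"` keeps the same behaviour and lets the `/cgi-bin` check share one normalisation. A short comment such as `// Windows file systems are case-insensitive; compare case-folded so the interpreter config cannot be fetched under another casing` would record why the branch exists. Exact equality also relies on `href` already being decoded and normalised before this callback runs, which the hunk does not show.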