From 45044503653add037fdf264ce328673f909c8372 Mon Sep 17 00:00:00 2001
From: Dorian Niemiec <dorian.niemiec@svrjs.org>
Date: Mon, 14 Aug 2023 18:13:56 +0200
Subject: [PATCH] Prevent source code viewing by "JSGI-BIN" instead of
 "jsgi-bin" in Windows

---
 index.js | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/index.js b/index.js
index 34258b2..babf811 100644
--- a/index.js
+++ b/index.js
@@ -188,7 +188,7 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e
       executeJSGI("." + a, req, res, dh, jsgiRequestObject);
     }
 
-    if (href.indexOf("/jsgi-bin") == 0) {
+    if (href.match(new RegExp("/jsgi-bin(?:$|[?#/])",os.platform() == "win32" ? "i" : ""))) {
       fs.stat("." + href, function (err, stats) {
         if (!err) {
           if (!stats.isFile()) {
@@ -345,16 +345,6 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e
           }
         }
       });
-    } else if (href == "/YellowSquare-interpreters.json" && path.normalize(__dirname + "/../../..") == process.cwd()) {
-      if (!callServerError) {
-        res.writeHead(200, "OK", {
-          "Content-Type": "application/json",
-          "Server": "YellowSquare/" + version
-        });
-        res.end(JSON.stringify(exttointerpreteruser, null, 2));
-      } else {
-        callServerError(200, "YellowSquare/" + version, exttointerpreteruser);
-      }
     } else {
       elseCallback();
     }