-rwxr-xr-xchatserver.js7
1 files changed, 4 insertions, 3 deletions
diff --git a/chatserver.js b/chatserver.js
index d665e2c..51ab363 100755
--- a/chatserver.js
+++ b/chatserver.js
@@ -202,9 +202,10 @@ http.createServer(function(req,res){
if(req.url=="/"){
res.writeHead(200,{"Content-Type":"text/html"});
res.end(pagehtml);
- } else if(!/\/\./.test(req.url)){
- var url=req.url.slice(1);
- if(url.indexOf("?")!=-1)url=url.slice(0,url.indexOf("?"));
+ } else {
+ var url=req.url.slice(1); //strip off the initial '/'
+ if(url.indexOf("?")!=-1)url=url.slice(0,url.indexOf("?")); //strip off parameters
+ if(!/^theme-[a-z0-9]+\.css$/i.test(url))res.end("not permitted");
try{res.end(fs.readFileSync(url).toString());}
catch(e){res.end("error");}
}
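Review bot: The new allow-list check on the `theme-…css` line ends the response but does not stop the handler, so `fs.readFileSync(url)` on the next line still runs for every rejected name. The only thing keeping the file contents out of the reply is that the response has already been ended; the synchronous read of a caller-chosen path still happens, and the rejection goes out without an error status. Make the rejection terminal, e.g. `if(!/^theme-[a-z0-9]+\.css$/i.test(url)){res.writeHead(403);res.end("not permitted");return;}`, or move the `try`/`catch` into an `else` branch if code after this chain must still run. The request callback opens before this hunk and its end is not visible here, so confirm that an early `return` skips nothing that is needed.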