-rwxr-xr-x | chatserver.js | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/chatserver.js b/chatserver.js
index d665e2c..51ab363 100755
--- a/chatserver.js
+++ b/chatserver.js
@@ -202,9 +202,10 @@ http.createServer(function(req,res){
 if(req.url=="/"){
 res.writeHead(200,{"Content-Type":"text/html"});
 res.end(pagehtml);
- } else if(!/\/\./.test(req.url)){
- var url=req.url.slice(1);
- if(url.indexOf("?")!=-1)url=url.slice(0,url.indexOf("?"));
+ } else {
+ var url=req.url.slice(1); //strip off the initial '/'
+ if(url.indexOf("?")!=-1)url=url.slice(0,url.indexOf("?")); //strip off parameters
+ if(!/^theme-[a-z0-9]+\.css$/i.test(url))res.end("not permitted");
 try{res.end(fs.readFileSync(url).toString());}
 catch(e){res.end("error");}
 } |
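Review bot: The new allowlist check ends the response but does not stop the handler, so a rejected `url` still reaches `fs.readFileSync(url)` on the next line. The server therefore still performs a blocking read of a client-chosen path, and then calls `res.end` a second time; whether that second call is a silent no-op or raises an error depends on the Node version. Make the rejection terminal, for example `if(!/^theme-[a-z0-9]+\.css$/i.test(url)){res.writeHead(403);res.end("not permitted");return;}`. The request callback continues outside the hunk, so if later code must still run, put the `try`/`catch` in an `else` instead of returning. With that in place the anchored pattern, which allows no `/` and only the one `.`, does confine reads to `theme-*.css` in the working directory. The success path also sends no `Content-Type`, and `res.writeHead(200,{"Content-Type":"text/css"})` before the read would match the `/` branch.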