diff options
| author | Tom Smeding <tom.smeding@gmail.com> | 2021-01-29 17:42:28 +0100 |
|---|---|---|
| committer | Tom Smeding <tom.smeding@gmail.com> | 2021-01-29 17:42:28 +0100 |
| commit | 230aa79e89a3461c060188bd35cc737520f5d86b (patch) | |
| tree | 78dac2d458ecfcf31ce4b092c5dca981991e6912 | |
| parent | 1e4605066175bc83832a9cc4df6232a882939cee (diff) | |
Don't send hidden files in /f/
| -rwxr-xr-x | webserver.js | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/webserver.js b/webserver.js index e5a62c8..5496f11 100755 --- a/webserver.js +++ b/webserver.js @@ -84,6 +84,10 @@ for (let i = 0; i < module_list.length; i++) { } +function anyComponentHidden(fname) { + return fname[0] == "." || fname.indexOf("/.") != -1; +} + // if 'mime' is not null/undefined, it should be the content-type of the file // options: // { mime: "content-type value", listdirs: true/false, cors: true/false } @@ -92,7 +96,7 @@ function requestFile(req, res, path, origpath, options) { if (options == null) options = {}; fname = cmn.webfilesdir + path; console.log("Requesting file " + fname); - if (!fs.existsSync(fname)) { + if (anyComponentHidden(fname) || !fs.existsSync(fname)) { res.status(404).send("That file does not exist."); return; } |