Fixed directory traversal vulnerability. (#114)

Awesome find!
This commit is contained in:
Jocelyn Le Sage 2019-04-02 18:37:40 -04:00 committed by jc21
parent 3095cff7d9
commit e7ddcb91fc


@ -3,6 +3,7 @@
const express = require('express'); const express = require('express');
const fs = require('fs'); const fs = require('fs');
const PACKAGE = require('../../../package.json'); const PACKAGE = require('../../../package.json');
const path = require('path')
const router = express.Router({ const router = express.Router({
caseSensitive: true, caseSensitive: true,
@ -29,7 +30,9 @@ router.get(/(.*)/, function (req, res, next) {
version: PACKAGE.version version: PACKAGE.version
}); });
} else { } else {
fs.readFile('dist' + req.params.page, 'utf8', function (err, data) { var p = path.normalize('dist' + req.params.page)
if (p.startsWith('dist')) { // Allow access to ressources under 'dist' directory only.
fs.readFile(p, 'utf8', function (err, data) {
if (err) { if (err) {
res.render('index', { res.render('index', {
version: PACKAGE.version version: PACKAGE.version
@ -38,6 +41,11 @@ router.get(/(.*)/, function (req, res, next) {
res.contentType('text/html').end(data); res.contentType('text/html').end(data);
} }
}); });
} else {
res.render('index', {
version: PACKAGE.version
});
}
} }
}); });
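Review bot: The new guard `if (p.startsWith('dist'))` in the second hunk is a plain string-prefix test, so after `path.normalize` a sibling entry whose name merely begins with `dist` still satisfies it; bounding the check at a separator closes that gap: `if (p === 'dist' || p.startsWith('dist' + path.sep)) {`. Since `'dist'` is a relative path, the file actually read depends on the process working directory rather than this module's location; if the intent is the `dist` directory next to this file (inferred from the original `'dist' + req.params.page`), resolving both sides against `path.join(__dirname, 'dist')` and comparing the resolved strings would make the guard independent of where the server is started. A short comment on the guard stating what it relies on would help the next reader, e.g. `// Only serve files whose normalized path stays inside 'dist'; a bare prefix match would also admit 'dist<suffix>' siblings.` The surrounding file uses `const` for its bindings, so `var p` on the same line reads inconsistently and `const p` would match. The enclosing `router.get(/(.*)/, ...)` callback begins before the hunk and the file's tail after the final `});` is not visible here.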