Craftadoc/clsi
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix path match

Browse Source
This commit is contained in:
Brian Gough
2017-03-21 11:30:32 +00:00
parent 021d848819
commit 750576d1b0
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/coffee/ResourceWriter.coffee
View File

@@ -90,7 +90,7 @@ module.exports = ResourceWriter =
checkPath: (basePath, resourcePath, callback) -> checkPath: (basePath, resourcePath, callback) ->
path = Path.normalize(Path.join(basePath, resourcePath)) path = Path.normalize(Path.join(basePath, resourcePath))
if (path.slice(0, basePath.length) != basePath) if (path.slice(0, basePath.length + 1) != basePath + "/")
return callback new Error("resource path is outside root directory") return callback new Error("resource path is outside root directory")
else else
return callback(null, path) return callback(null, path)

8
test/unit/coffee/ResourceWriterTests.coffee
View File

@@ -173,3 +173,11 @@ describe "ResourceWriter", ->
it "should return an error", -> it "should return an error", ->
@callback.calledWith(new Error("resource path is outside root directory")) @callback.calledWith(new Error("resource path is outside root directory"))
.should.equal true .should.equal true
describe "with another invalid path matching on a prefix", ->
beforeEach ->
@ResourceWriter.checkPath("foo", "../foobar/baz", @callback)
it "should return an error", ->
@callback.calledWith(new Error("resource path is outside root directory"))
.should.equal true