1
0
Fork 0

fix: Force all paths to be within `cwd()`

pull/20/head
Ambrose Chua 2021-11-16 22:09:29 +08:00
parent 39155e627f
commit a04c4bc893
1 changed files with 5 additions and 1 deletions

View File

@ -154,7 +154,11 @@ app.use((req, res, next) => {
});
function relative(...paths) {
return paths.reduce((a, b) => path.join(a, b), process.cwd());
const finalPath = paths.reduce((a, b) => path.join(a, b), process.cwd());
if (path.relative(process.cwd(), finalPath).startsWith("..")) {
throw new Error("Failed to resolve path outside of the working directory")
}
return finalPath;
}
function flashify(req, obj) {
let error = req.flash("error");