alan
/
sfs
1
Fork 0

support (and ignore) query strings in URLs

This commit is contained in:
Alan Faubert 2022-02-22 19:37:52 -05:00
parent e2c28c2792
commit acbd8992a8
1 changed files with 2 additions and 1 deletions

3
sfs.js
View File

@ -47,11 +47,12 @@ const is_allowed = path => allowed_paths.length === 0 || (path = normalize_path(
http http
.createServer(async (req, res) => { .createServer(async (req, res) => {
const path = '.' + decodeURIComponent(req.url);
if (req.method !== 'GET' && req.method !== 'HEAD') { if (req.method !== 'GET' && req.method !== 'HEAD') {
send_error(res, 405, 'Method Not Allowed'); send_error(res, 405, 'Method Not Allowed');
return; return;
} }
const p = req.url.indexOf('?');
const path = '.' + decodeURIComponent(p > -1 ? req.url.slice(0, p) : req.url);
if (!path.startsWith('./') || path.includes('/..') || path.includes('\\')) { if (!path.startsWith('./') || path.includes('/..') || path.includes('\\')) {
send_error(res, 403, 'Forbidden'); send_error(res, 403, 'Forbidden');
return; return;