support (and ignore) query strings in URLs
This commit is contained in:
parent
e2c28c2792
commit
acbd8992a8
3
sfs.js
3
sfs.js
|
@ -47,11 +47,12 @@ const is_allowed = path => allowed_paths.length === 0 || (path = normalize_path(
|
||||||
|
|
||||||
http
|
http
|
||||||
.createServer(async (req, res) => {
|
.createServer(async (req, res) => {
|
||||||
const path = '.' + decodeURIComponent(req.url);
|
|
||||||
if (req.method !== 'GET' && req.method !== 'HEAD') {
|
if (req.method !== 'GET' && req.method !== 'HEAD') {
|
||||||
send_error(res, 405, 'Method Not Allowed');
|
send_error(res, 405, 'Method Not Allowed');
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
const p = req.url.indexOf('?');
|
||||||
|
const path = '.' + decodeURIComponent(p > -1 ? req.url.slice(0, p) : req.url);
|
||||||
if (!path.startsWith('./') || path.includes('/..') || path.includes('\\')) {
|
if (!path.startsWith('./') || path.includes('/..') || path.includes('\\')) {
|
||||||
send_error(res, 403, 'Forbidden');
|
send_error(res, 403, 'Forbidden');
|
||||||
return;
|
return;
|
||||||
|
|
Loading…
Reference in New Issue