Skip to content

Commit

Permalink
fix for path traversal bug (updated)
Browse files Browse the repository at this point in the history
  • Loading branch information
@prahladyeri
prahladyeri committed Dec 8, 2018
1 parent 8e85a1b commit 3546445
Show file tree
Hide file tree
Showing 6 changed files with 4 additions and 2 deletions.
Empty file modified .gitignore
100644 → 100755
View file
Empty file.
Empty file modified CONTRIBUTING.md
100644 → 100755
View file
Empty file.
Empty file modified LICENSE
100644 → 100755
View file
Empty file.
Empty file modified README.md
100644 → 100755
View file
Empty file.
4 changes: 3 additions & 1 deletion bin/http-live
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,9 @@ if (config.minDelay > config.maxDelay) {

http.createServer(function (req, res) {
var pathname = url.parse(req.url, true).pathname;
pathname = pathname.replace("/../",""); //fix for path traversal bug
while(pathname.indexOf("/../") != -1) {
pathname = pathname.replace("/../",""); //fix for path traversal bug
}
var abspath = '';
var delay = config.minDelay + Math.floor(Math.random() * (config.maxDelay-config.minDelay));
sleep(delay)
Expand Down
2 changes: 1 addition & 1 deletion package.json
100644 → 100755
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "http-live-simulator",
"version": "1.0.6",
"version": "1.0.7",
"description": "HTTP Server that serves with random delay for live simulations",
"main": "index.js",
"bin": {
Expand Down

0 comments on commit 3546445

Please sign in to comment.