mirror of
https://github.com/overleaf/overleaf.git
synced 2024-12-18 07:12:14 -05:00
18 lines
783 B
Diff
18 lines
783 B
Diff
|
--- a/services/clsi/app/js/StaticServerForbidSymlinks.js
|
||
|
+++ b/services/clsi/app/js/StaticServerForbidSymlinks.js
|
||
|
@@ -25,9 +25,13 @@ module.exports = ForbidSymlinks = function (staticFn, root, options) {
|
||
|
let file, projectId, result
|
||
|
const path = req.url
|
||
|
// check that the path is of the form /project_id_or_name/path/to/file.log
|
||
|
- if ((result = path.match(/^\/?([a-zA-Z0-9_-]+)\/(.*)/))) {
|
||
|
+ if ((result = path.match(/^\/([a-zA-Z0-9_-]+)\/(.*)$/s))) {
|
||
|
projectId = result[1]
|
||
|
file = result[2]
|
||
|
+ if (path !== `/${projectId}/${file}`) {
|
||
|
+ logger.warn({ path }, 'unrecognized file request')
|
||
|
+ return res.sendStatus(404)
|
||
|
+ }
|
||
|
} else {
|
||
|
logger.warn({ path }, 'unrecognized file request')
|
||
|
return res.sendStatus(404)
|