github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-09-16 02:52:31 -04:00
Code Issues Projects Releases Packages Wiki Activity

fix path match

Browse source
This commit is contained in:
Brian Gough 2017-03-21 11:30:32 +00:00
parent 54bdc8fed0
commit 1273a05ad4
2 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
services/clsi/app/coffee/ResourceWriter.coffee
View file

@ -90,7 +90,7 @@ module.exports = ResourceWriter =
checkPath: (basePath, resourcePath, callback) ->
path = Path.normalize(Path.join(basePath, resourcePath))
if (path.slice(0, basePath.length) != basePath)
if (path.slice(0, basePath.length + 1) != basePath + "/")
return callback new Error("resource path is outside root directory")
else
return callback(null, path)

8
services/clsi/test/unit/coffee/ResourceWriterTests.coffee
View file

@ -173,3 +173,11 @@ describe "ResourceWriter", ->
it "should return an error", ->
@callback.calledWith(new Error("resource path is outside root directory"))
.should.equal true
describe "with another invalid path matching on a prefix", ->
beforeEach ->
@ResourceWriter.checkPath("foo", "../foobar/baz", @callback)
it "should return an error", ->
@callback.calledWith(new Error("resource path is outside root directory"))
.should.equal true