github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-11-07 20:31:06 -05:00
Code Issues Projects Releases Packages Wiki Activity

fix path match

Browse source
This commit is contained in:
Brian Gough 2017-03-21 11:30:32 +00:00
parent 54bdc8fed0
commit 1273a05ad4
2 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
services/clsi/app/coffee/ResourceWriter.coffee
View file

@ -90,7 +90,7 @@ module.exports = ResourceWriter =
checkPath: (basePath, resourcePath, callback) -> checkPath: (basePath, resourcePath, callback) ->
path = Path.normalize(Path.join(basePath, resourcePath)) path = Path.normalize(Path.join(basePath, resourcePath))
if (path.slice(0, basePath.length) != basePath) if (path.slice(0, basePath.length + 1) != basePath + "/")
return callback new Error("resource path is outside root directory") return callback new Error("resource path is outside root directory")
else else
return callback(null, path) return callback(null, path)

8
services/clsi/test/unit/coffee/ResourceWriterTests.coffee
View file

@ -173,3 +173,11 @@ describe "ResourceWriter", ->
it "should return an error", -> it "should return an error", ->
@callback.calledWith(new Error("resource path is outside root directory")) @callback.calledWith(new Error("resource path is outside root directory"))
.should.equal true .should.equal true
describe "with another invalid path matching on a prefix", ->
beforeEach ->
@ResourceWriter.checkPath("foo", "../foobar/baz", @callback)
it "should return an error", ->
@callback.calledWith(new Error("resource path is outside root directory"))
.should.equal true