mirror of
https://github.com/overleaf/overleaf.git
synced 2024-12-18 04:15:17 -05:00
788009330c
[CE/SP] Hotfix 4.2.7/5.0.7 GitOrigin-RevId: e36a5af392c2356d4068a98acc2d637d879392f8
17 lines
783 B
Diff
17 lines
783 B
Diff
--- a/services/clsi/app/js/StaticServerForbidSymlinks.js
|
|
+++ b/services/clsi/app/js/StaticServerForbidSymlinks.js
|
|
@@ -25,9 +25,13 @@ module.exports = ForbidSymlinks = function (staticFn, root, options) {
|
|
let file, projectId, result
|
|
const path = req.url
|
|
// check that the path is of the form /project_id_or_name/path/to/file.log
|
|
- if ((result = path.match(/^\/?([a-zA-Z0-9_-]+)\/(.*)/))) {
|
|
+ if ((result = path.match(/^\/([a-zA-Z0-9_-]+)\/(.*)$/s))) {
|
|
projectId = result[1]
|
|
file = result[2]
|
|
+ if (path !== `/${projectId}/${file}`) {
|
|
+ logger.warn({ path }, 'unrecognized file request')
|
|
+ return res.sendStatus(404)
|
|
+ }
|
|
} else {
|
|
logger.warn({ path }, 'unrecognized file request')
|
|
return res.sendStatus(404)
|