|
|
@@ -30,14 +30,34 @@ var port = 8000,
|
|
|
"mp4": "video/mp4",
|
|
|
"txt": "text/plain",
|
|
|
"bin": "application/octet-stream"
|
|
|
- };
|
|
|
+ };
|
|
|
+
|
|
|
+// https://github.com/parshap/node-sanitize-filename/blob/master/index.js#L33-L47
|
|
|
+var illegalRe = /[\?<>:\*\|":]/g;
|
|
|
+var controlRe = /[\x00-\x1f\x80-\x9f]/g;
|
|
|
+var reservedRe = /^\.+$/;
|
|
|
+var windowsReservedRe = /^(con|prn|aux|nul|com[0-9]|lpt[0-9])(\..*)?$/i;
|
|
|
+var windowsTrailingRe = /[\. ]+$/;
|
|
|
+
|
|
|
+function sanitize(input) {
|
|
|
+ var sanitized = input
|
|
|
+ .replace(/\//g, "\\")
|
|
|
+ .replace(illegalRe, "")
|
|
|
+ .replace(controlRe, "")
|
|
|
+ .replace(reservedRe, "")
|
|
|
+ .replace(windowsReservedRe, "")
|
|
|
+ .replace(windowsTrailingRe, "");
|
|
|
+ return sanitized;
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
|
|
|
port = process.argv[ 2 ] ? parseInt( process.argv[ 2 ], 0 ) : port;
|
|
|
|
|
|
function handleRequest( request, response ) {
|
|
|
|
|
|
- var urlObject = urlParser.parse( request.url, true );
|
|
|
- var pathname = decodeURIComponent( urlObject.pathname );
|
|
|
+ var urlObject = urlParser.parse( request.url, true );
|
|
|
+ var pathname = decodeURIComponent( sanitize( urlObject.pathname ) );
|
|
|
|
|
|
console.log( '[' + ( new Date() ).toUTCString() + '] ' + '"' + request.method + ' ' + pathname + '"' );
|
|
|
|
|
|
@@ -98,8 +118,8 @@ function handleRequest( request, response ) {
|
|
|
files.unshift( '.', '..' );
|
|
|
files.forEach( function ( item ) {
|
|
|
|
|
|
- var urlpath = pathname + item,
|
|
|
- itemStats = fs.statSync( currentDir + urlpath );
|
|
|
+ var urlpath = path.join( pathname, item ),
|
|
|
+ itemStats = fs.statSync( path.join( currentDir, urlpath ) );
|
|
|
|
|
|
if ( itemStats.isDirectory() ) {
|
|
|
|
Gero3