-rw-r--r-- | js/bin/HttpServer.js | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/js/bin/HttpServer.js b/js/bin/HttpServer.js
index 2e4228bcc52..53825a21aa5 100644
--- a/js/bin/HttpServer.js
+++ b/js/bin/HttpServer.js
@@ -252,6 +252,12 @@ function Init()
 filePath);
 }
 }
+ else if(filePath.indexOf("..") != -1 || ["/test/", "/assets/"].some(prefix => filePath.startsWith(prefix)))
+ {
+ res.writeHead(403);
+ res.end("403 Forbiden");
+ console.log("HTTP/403 (Forbiden) " + req.method + " " + req.url.pathname + " -> " + filePath);
+ }
 else
 {
 if(!stats.isFile())
 |
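Review bot: The new `else if` deny check is a string-level blocklist on `filePath`, and it is only reached when the preceding branch does not match; that branch starts outside this hunk and appears to handle a failed stat, so the filesystem may already have been queried and a denied path could answer differently depending on whether it exists. Both `indexOf("..")` and the case-sensitive `startsWith` rely on `filePath` being fully decoded and normalised at this point, which the hunk does not show; if it is not, variants in letter case or with repeated slashes would not match the prefixes. I would move the check ahead of the stat call and test containment on the resolved path instead, e.g. `const resolved = path.resolve(root, "." + filePath);` then `if(resolved !== root && !resolved.startsWith(root + path.sep))`, where `root` stands for the served directory and `path` is Node's module (neither is visible here), and compare the denied directories against `resolved` as well. The status text is misspelled in both added strings; it should read `res.end("403 Forbidden");`.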