|
|
@@ -39,12 +39,13 @@ function mimetype(path) { |
|
|
|
return unknown; |
|
|
|
} |
|
|
|
|
|
|
|
function sendfile(path, app, pathname, res) { |
|
|
|
function sendfile(path, app, pathname, req, res) { |
|
|
|
fs.open(path, "r", (err, fd) => { |
|
|
|
if (err) { |
|
|
|
app.notice(err); |
|
|
|
res.writeHead(404); |
|
|
|
res.end(app.template(app.res404, { pathname: pathname })); |
|
|
|
res.end(app.template(app.res404, |
|
|
|
{ method: req.method, pathname: pathname })); |
|
|
|
return; |
|
|
|
} |
|
|
|
|
|
|
@@ -67,13 +68,14 @@ module.exports = function(root, before) { |
|
|
|
|
|
|
|
// Send a file |
|
|
|
function send(path) { |
|
|
|
sendfile(path, app, pn, res); |
|
|
|
sendfile(path, app, pn, req, res); |
|
|
|
} |
|
|
|
|
|
|
|
// Prevent leaking information |
|
|
|
if (pn.indexOf("../") !== -1 || pn.indexOf("/..") !== -1 || pn === "..") { |
|
|
|
res.writeHead(403); |
|
|
|
res.end(app.template(app.res403, { pathname: pn })); |
|
|
|
res.end(app.template(app.res403, |
|
|
|
{ method: req.method, pathname: pn })); |
|
|
|
return; |
|
|
|
} |
|
|
|
|
|
|
@@ -86,7 +88,8 @@ module.exports = function(root, before) { |
|
|
|
if (err) { |
|
|
|
app.notice(err); |
|
|
|
res.writeHead(404); |
|
|
|
res.end(app.template(app.res404, { pathname: pn })); |
|
|
|
res.end(app.template(app.res404, |
|
|
|
{ method: req.method, pathname: pn })); |
|
|
|
return; |
|
|
|
} |
|
|
|
|