[Pkg-javascript-commits] [node-static] 49/151: fix vulnerability when pathname starts with a '.'

[Tonnerre Lombard]

This is an automated email from the git hooks/post-receive script.

tonnerre-guest pushed a commit to branch master
in repository node-static.

commit c49e37262c5e999f588d57343405d09e8d602c81
Author: cloudhead <alexis at cloudhead.io>
Date:   Tue Aug 9 15:02:06 2011 -0400

    fix vulnerability when pathname starts with a '.'
---
 lib/node-static.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/node-static.js b/lib/node-static.js
index 2bfb7ca..01244bc 100644
--- a/lib/node-static.js
+++ b/lib/node-static.js
@@ -134,7 +134,7 @@ this.Server.prototype.servePath = function (pathname, status, headers, req, res,
 
     // Make sure we're not trying to access a
     // file outside of the root.
-    if (new(RegExp)('^' + that.root).test(pathname)) {
+    if (pathname.indexOf(that.root) === 0) {
         fs.stat(pathname, function (e, stat) {
             if (e) {
                 finish(404, {});

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-static.git