connect - npm Package Compare versions

Comparing version 0.5.9 to 0.5.10

._index.js

@@ -1,4 +0,4 @@
-Mac OS X        	2��ATTR>����"
�"com.macromates.caret{
-    column = 42;
+Mac OS X        	2��ATTRVʱ��"
�"com.macromates.caret{
+    column = 39;
     line = 1;
 }

._package.json

@@ -1,4 +0,4 @@
-Mac OS X        	2��ATTR>����"
�"com.macromates.caret{
-    column = 19;
-    line = 4;
+Mac OS X        	2��ATTRVʶ��"
�"com.macromates.caret{
+    column = 35;
+    line = 7;
 }

._test.js

@@ -1,4 +0,4 @@
-Mac OS X        	2��ATTR>����#
�#com.macromates.caret{
+Mac OS X        	2��ATTRVʺ��#
�#com.macromates.caret{
     column = 23;
     line = 11;
 }

lib/connect/._index.js

@@ -1,4 +0,4 @@
-Mac OS X        	2��ATTR>����#
�#com.macromates.caret{
-    column = 24;
+Mac OS X        	2��ATTRV����#
�#com.macromates.caret{
+    column = 25;
     line = 11;
 }

lib/connect/._utils.js

@@ -1,4 +0,1 @@
-Mac OS X        	2��ATTR>����$
�$com.macromates.caret{
-    column = 58;
-    line = 115;
-}
+Mac OS X        	2��ATTRV���� 
� com.macromates.caretx���R������<[k0?'3/«��

lib/connect/index.js

@@ -12,3 +12,3 @@
 
-exports.version = '0.5.9';
+exports.version = '0.5.10';
 
@@ -15,0 +15,0 @@ /**

lib/connect/middleware/._basicAuth.js

@@ -1,4 +0,1 @@
-Mac OS X        	2��ATTR>����"
�"com.macromates.caret{
-    column = 0;
-    line = 24;
-}
+Mac OS X        	2��ATTRV���� 
� com.macromates.caretx���R������<[k0?'3/«��

lib/connect/middleware/._bodyDecoder.js

@@ -1,4 +0,1 @@
-Mac OS X        	2��ATTR>����#
�#com.macromates.caret{
-    column = 43;
-    line = 66;
-}
+Mac OS X        	2��ATTRV���� 
� com.macromates.caretx���R������<[k0?'3/«��

lib/connect/middleware/session.js

@@ -52,7 +52,2 @@
     return function sessionHandle(req, res, next) {
-        if (!req.cookies) {
-            next(new Error("session requires cookieDecoder to work properly"));
-            return;
-        }
-
         var pause = utils.pause(req);
@@ -64,8 +59,2 @@
 
-            // Update the session in the store if there is one
-            if (req.session) {
-                req.session.touch();
-                store.set(req.sessionID, req.session);
-            }
-
             // Only send secure session cookies when there is a secure connection.
@@ -96,2 +85,17 @@ // proxySecure is a custom attribute to allow for a reverse proxy to handle SSL connections and to
 
+        // commit sessions on end()
+        var end = res.end;
+        res.end = function(data, encoding){
+          res.end = end;
+
+          if (req.session) {
+            req.session.touch();
+            store.set(req.sessionID, req.session, function(){
+              res.end(data, encoding);
+            });
+          } else {
+            res.end(data, encoding);
+          }
+        };
+
         // Calculates the security hash to prevent session hijacking
@@ -104,2 +108,3 @@ // Uses information on the user-agent that created the session as it's fingerprint
             .digest('base64')
+            .replace(/\+/g, ' ')
             .replace(/=*$/, '');
@@ -111,3 +116,3 @@ }
             var base = utils.uid(24);
-            var sessionID = base + "." + hash(base);
+            var sessionID = base + '.' + hash(base);
             req.sessionID = sessionID;
@@ -114,0 +119,0 @@ req.session = new Session(req);

lib/connect/middleware/staticProvider.js

@@ -61,6 +61,7 @@
             head = req.method == 'HEAD',
-            filename, url = parseUrl(req.url);
+            url = parseUrl(req.url),
+            filename = decodeURIComponent(url.pathname);
 
         // Potentially malicious path
-        if (~url.pathname.indexOf('..')) {
+        if (~filename.indexOf('..')) {
             return forbidden(res);
@@ -70,3 +71,3 @@ }
         // Absolute path
-        filename = Path.join(root, decodeURIComponent(url.pathname));
+        filename = Path.join(root, filename);
 
@@ -73,0 +74,0 @@ // Index.html support

package.json

@@ -5,8 +5,8 @@ {
   "keywords": ["framework", "web", "middleware", "connect", "rack"],
-  "version": "0.5.9",
+  "version": "0.5.10",
   "repository": "git://github.com/senchalabs/connect.git",
   "author": "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)",
-  "dependencies": { "qs": ">= 0.0.4" },
+  "dependencies": { "qs": ">= 0.0.6" },
   "main": "index",
   "engines": { "node": ">= 0.2.5" }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

104597

decreased by-3.4%

Number of package files

54

decreased by-25%

Lines of code

2890

decreased by-1.43%

Dependency changes

• Updatedqs@>= 0.0.6