Comparing version 1.4.1 to 2.0.0
@@ -0,3 +1,13 @@ | ||
2016/08/09 Version 2.0.0 | ||
- No longer strip null bytes from uris before parsing. This avoids a regexp dos | ||
attack. The stripping was to avoid a bug regarding c++ null terminated | ||
strings shenanigans in some versions of node, but it *appears* fixed in LTS | ||
versions of node. | ||
- When both showDir and autoIndex are turned off, do not redirect from /foo to | ||
/foo/. | ||
- Add code coverage reports and codecov.io | ||
2015/05/10 Version 1.4.1 | ||
- Compare if-modified-since header against server-generated last-modified header rather than raw mtime | ||
- Compare if-modified-since header against server-generated last-modified | ||
header rather than raw mtime | ||
@@ -7,3 +17,4 @@ 2015/12/22 Version 1.4.0 | ||
- Started test suite around CLI options parsing | ||
- Workaround for egregious v8 bug around date parsing throwing during modified-since checks | ||
- Workaround for egregious v8 bug around date parsing throwing during | ||
modified-since checks | ||
@@ -10,0 +21,0 @@ 2015/11/15 Version 1.3.1 |
@@ -58,1 +58,3 @@ General format is: contributor, github handle, email. In some cases, the | ||
* Josh Gillies @joshgillies <github@joshgilli.es> | ||
* Jesse Tane @jessetane <jesse.tane@gmail.com> | ||
* Simon Sturmer @sstur <sstur@me.com> |
@@ -55,5 +55,17 @@ #! /usr/bin/env node | ||
// Strip any null bytes from the url | ||
// This was at one point necessary because of an old bug in url.parse | ||
// | ||
// See: https://github.com/jfhbrook/node-ecstatic/issues/16#issuecomment-3039914 | ||
// See: https://github.com/jfhbrook/node-ecstatic/commit/43f7e72a31524f88f47e367c3cc3af710e67c9f4 | ||
// | ||
// But this opens up a regex dos attack vector! D: | ||
// | ||
// Based on some research (ie asking #node-dev if this is still an issue), | ||
// it's *probably* not an issue. :) | ||
/* | ||
while(req.url.indexOf('%00') !== -1) { | ||
req.url = req.url.replace(/\%00/g, ''); | ||
} | ||
*/ | ||
// Figure out the path for the file from the given url | ||
@@ -128,2 +140,7 @@ var parsed = url.parse(req.url); | ||
else if (stat.isDirectory()) { | ||
if (!autoIndex && !opts.showDir) { | ||
status[404](res, next); | ||
return; | ||
} | ||
// 302 to / if necessary | ||
@@ -157,4 +174,2 @@ if (!parsed.pathname.match(/\/$/)) { | ||
status[404](res, next); | ||
} | ||
@@ -161,0 +176,0 @@ else { |
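Review bot: With the `%00` stripping commented out at the top of the handler, nothing visible in this section rejects an encoded null byte before the URL is parsed and mapped to a file path, and the new comment only says the old bug is *probably* gone. A single-pass guard would keep the protection without the repeated-replace loop behind the DoS, for example `if (req.url.indexOf('%00') !== -1) { status[404](res, next); return; }` before the path is derived; which status to send is the maintainers' call. The commented-out loop is better deleted than kept as a block comment, since the changelog already records why it went, and a regression test requesting a URL containing `%00` would pin the intended behaviour. The enclosing middleware function starts and ends outside these hunks, so whether a later decode step already rejects null bytes cannot be confirmed from here.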
@@ -5,3 +5,3 @@ { | ||
"description": "A simple static file server middleware that works with both Express and Flatiron", | ||
"version": "1.4.1", | ||
"version": "2.0.0", | ||
"homepage": "https://github.com/jfhbrook/node-ecstatic", | ||
@@ -14,3 +14,4 @@ "repository": { | ||
"scripts": { | ||
"test": "tap test/*.js" | ||
"test": "tap --coverage test/*.js", | ||
"posttest": "tap --coverage-report=text-lcov | codecov" | ||
}, | ||
@@ -33,2 +34,3 @@ "bin": "./lib/ecstatic.js", | ||
"devDependencies": { | ||
"codecov": "^1.0.1", | ||
"eol": "^0.2.0", | ||
@@ -35,0 +37,0 @@ "express": "^4.12.3", |
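Review bot: The new `posttest` script runs after every `npm test`, so coverage is piped to the `codecov` uploader on contributor machines as well as in CI, and a failed upload would presumably turn a passing test run into a failing one. Moving the upload into its own script that only CI invokes, e.g. `"coverage": "tap --coverage-report=text-lcov | codecov"`, keeps local runs offline and limits where the uploader executes. The uploader is added with a caret range (`^1.0.1`), so any later 1.x release will run in the build environment unless a lockfile or an exact version pins it.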
@@ -1,2 +0,2 @@ | ||
# Ecstatic [![build status](https://secure.travis-ci.org/jfhbrook/node-ecstatic.png)](http://travis-ci.org/jfhbrook/node-ecstatic) | ||
# Ecstatic [![build status](https://secure.travis-ci.org/jfhbrook/node-ecstatic.png)](http://travis-ci.org/jfhbrook/node-ecstatic) [![codecov.io](https://codecov.io/github/jfhbrook/node-ecstatic/coverage.svg?branch=master)](https://codecov.io/github/jfhbrook/node-ecstatic?branch=master) | ||
@@ -3,0 +3,0 @@ ![](http://imgur.com/vhub5.png) |