Comparing version 1.13.4 to 1.13.5
@@ -0,1 +1,4 @@ | ||
## 1.13.5 | ||
- Fix range header parsing RexExp DOS #165 | ||
## 1.13.3 | ||
@@ -2,0 +5,0 @@ - Upgrade to qs@^1.2.2 to fix prototype Override Protection Bypass Vulnerability in qs. |
@@ -152,3 +152,2 @@ | ||
var rangesExpression = /^\s*bytes\s*=\s*(\d*\s*-\s*\d*\s*(?:,\s*\d*\s*-\s*\d*\s*)*)$/; | ||
var rangeExpression = /^\s*(\d*)\s*-\s*(\d*)\s*$/; | ||
@@ -180,10 +179,17 @@ | ||
var interpretFirstRange = exports.interpretFirstRange = function (text, size) { | ||
var match = rangesExpression.exec(text); | ||
if (!match) | ||
var index = text.indexOf('='); | ||
if (index === -1) { | ||
return; | ||
var texts = match[1].split(/\s*,\s*/); | ||
var range = interpretRange(texts[0], size); | ||
for (var i = 0, ii = texts.length; i < ii; i++) { | ||
var next = interpretRange(texts[i], size); | ||
if (next.begin <= range.end) { | ||
} | ||
// split the range string | ||
var range, | ||
arr = text.slice(index + 1).split(','); | ||
// parse all ranges | ||
for (var i = 0; i < arr.length; i++) { | ||
var next = interpretRange(arr[i], size); | ||
if (!range) { | ||
range = next; | ||
} else if (next.begin <= range.end) { | ||
range.end = next.end; | ||
@@ -194,2 +200,3 @@ } else { | ||
} | ||
return range; | ||
@@ -371,3 +378,3 @@ }; | ||
}); | ||
}) | ||
}); | ||
}) | ||
@@ -374,0 +381,0 @@ .all() |
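Review bot: In the rewritten loop of `interpretFirstRange`, `next.begin` and `next.end` are read without checking that `interpretRange` returned a range. The removed `rangesExpression` rejected a header unless every element was well-formed and the unit was `bytes`; the new `indexOf('=')` / `split(',')` path hands each raw piece on, so if `interpretRange` (not shown on this page) returns nothing for a piece that fails `rangeExpression`, a malformed Range header from a client would throw rather than be ignored. I would add `if (!next) { return; }` right after `var next = interpretRange(arr[i], size);`, and, if only byte ranges are meant to be served, check that the text before `=` trims to `bytes`. A short comment on the function saying that `text` is an untrusted request header and that the single large regex was dropped because of its backtracking cost (#165) would help the next maintainer. Parts of the function body fall between the hunks and are not visible here.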
{ | ||
"name": "q-io", | ||
"version": "1.13.4", | ||
"version": "1.13.5", | ||
"description": "IO using Q promises", | ||
@@ -5,0 +5,0 @@ "homepage": "http://github.com/kriskowal/q-io/", |