send
Advanced tools
Comparing version 0.8.4 to 0.8.5
@@ -0,1 +1,6 @@ | ||
0.8.5 / 2014-09-04 | ||
================== | ||
* Fix malicious path detection for empty string path | ||
0.8.4 / 2014-09-04 | ||
@@ -2,0 +7,0 @@ ================== |
@@ -418,3 +418,3 @@ | ||
// malicious path | ||
if (path.substr(0, root.length) !== root) { | ||
if ((path + sep).substr(0, root.length) !== root) { | ||
debug('malicious path "%s"', path) | ||
@@ -421,0 +421,0 @@ return this.error(403) |
{ | ||
"name": "send", | ||
"description": "Better streaming static file server with Range and conditional-GET support", | ||
"version": "0.8.4", | ||
"version": "0.8.5", | ||
"author": "TJ Holowaychuk <tj@vision-media.ca>", | ||
@@ -28,3 +28,3 @@ "contributors": [ | ||
"devDependencies": { | ||
"istanbul": "0.3.0", | ||
"istanbul": "0.3.2", | ||
"mocha": "~1.21.0", | ||
@@ -31,0 +31,0 @@ "should": "~4.0.0", |
27344