A simpler fix might be to canonicalize (i.e. no "..") the public folder path and... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		hombre_fatal on Feb 26, 2019 \| parent \| context \| favorite \| on: Show HN: Zero – A fast, zero-configuration server ... A simpler fix might be to canonicalize (i.e. no "..") the public folder path and the requested file path and then ensure the public path is a prefix of the other.

Kalium on Feb 26, 2019 [–]

Any fix also needs to be sure to resolve any symlinks before doing a prefix check.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact