Commit Graph

6 Commits (4962702e4a06e3b986cbf1d1042a29c35ef7105d)

Author SHA1 Message Date
isaacs 65037eeb32 Don't let path.normalize get above the root.
Any path.join or path.normalize that starts with a / will not go "above" that after normalization.  This is important because /../foo is almost *always* some sort of error, and doesn't match the corollary in sh: `cd $p; pwd`

At the worse, this can be a vector for exploits, since a static file server might do path.join(docroot, path.normalize("/"+req)) to get the file.  If the normalized request path could be something like "/../../../etc/passwd" then bad things could happen.
2010-08-01 20:20:17 -07:00
isaacs f0f247d7e5 Fix dirname so that dirname('/a/b/') -> '/a', like sh's does.
Before there was this comment:
  Can't strip trailing slashes since module.js incorrectly
  thinks dirname('/a/b/') should yield '/a/b' instead of '/a'.
But now, such thinking is corrected.
2010-07-23 09:08:49 -07:00
Micheil Smith b05daaaf69 Adding path.existsSync (with tests.) 2010-06-16 10:26:11 -07:00
Aapo Laitinen c4876d01a1 Change the behavior of path.extname
Make path.extname return an empty string also if:
- The last dot is not in the last path component
- The last dot starts the last path component
2010-05-24 09:56:28 -07:00
rentzsch 36a45c4e0d FIX path.dirname('/tmp') => '/'.
Previously path.dirname('/tmp') incorrectly returned '.'.

Unfortunately module.js incorrectly thinks dirname('/a/b/') should
yield '/a/b', so I can't strip trailing slashes yet. Once module.js
is fixed, then the commented-out code should be activated and a test
written for it.
2010-05-20 10:16:09 -07:00
isaacs e0061a511d refactor path module to lib/path.js 2010-04-21 11:38:51 -07:00