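// Minimal static file server: serves files from the directory it is started in.
// Usage: node <this script> [port]   (port defaults to 8888)
var http = require("http"),
    url = require("url"),
    path = require("path"),
    fs = require("fs"),
    // The original had no comma after require("fs"), which made `port` an implicit global.
    port = process.argv[2] || 8888,
    // Document root, fixed once at startup so every request is checked against the same base.
    root = process.cwd();

/**
 * Send a short plain-text response.
 * @param {http.ServerResponse} response - response to write to
 * @param {number} status - HTTP status code
 * @param {string} message - body text (a newline is appended)
 */
function sendText(response, status, message) {
  response.writeHead(status, {"Content-Type": "text/plain"});
  response.write(message + "\n");
  response.end();
}

/**
 * Report whether `candidate` is `base` itself or lies below it.
 * The check is lexical only: a symlink inside `base` can still point
 * outside it, so compare fs.realpath() results instead if the served
 * tree is not trusted.
 * @param {string} base - absolute document root
 * @param {string} candidate - absolute, normalized path to test
 * @returns {boolean} true when candidate stays within base
 */
function isInside(base, candidate) {
  var rel = path.relative(base, candidate);
  return rel !== ".." &&
         rel.indexOf(".." + path.sep) !== 0 &&
         !path.isAbsolute(rel);
}

http.createServer(function(request, response) {
  // pathname may be null for a malformed request target; fall back to the root.
  var uri = url.parse(request.url).pathname || "/",
      filename = path.join(root, uri);

  // path.join() normalizes ".." segments but does not confine the result to
  // `root`, so the joined path must be checked before touching the filesystem.
  // Percent-escapes are not decoded here (as in the original); if decoding is
  // ever added, it has to happen before this check.
  if (!isInside(root, filename)) {
    sendText(response, 403, "403 Forbidden");
    return;
  }

  // fs.stat replaces the removed path.exists and the blocking fs.statSync,
  // and avoids an uncaught exception if the file disappears between calls.
  fs.stat(filename, function(statErr, stats) {
    if (statErr) {
      sendText(response, 404, "404 Not Found");
      return;
    }

    if (stats.isDirectory()) filename = path.join(filename, "index.html");

    // Read as a Buffer; the legacy "binary" string round-trip is not needed.
    fs.readFile(filename, function(readErr, data) {
      if (readErr) {
        // Keep error details on the server: the raw error text contains the
        // absolute filesystem path and should not be sent to the client.
        console.error(readErr);
        if (readErr.code === "ENOENT") {
          sendText(response, 404, "404 Not Found");
        } else {
          sendText(response, 500, "500 Internal Server Error");
        }
        return;
      }

      response.writeHead(200);
      response.write(data);
      response.end();
    });
  });
// No host is passed to listen(), so connections are accepted on all
// interfaces, not only localhost as the banner below suggests; pass
// "127.0.0.1" as a second argument to restrict it to the local machine.
}).listen(parseInt(port, 10));

console.log("Static file server running at\n => http://localhost:" + port + "/\nCTRL + C to shutdown");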
This is insecure, someone can request /../../../etc/shadow
or similar to read any file they want.
Thanks... it's great, that's why I'm looking for it.
path.exists is now called fs.exists
> This is insecure, someone can request `/../../../etc/shadow` or similar to read any file they want.
I guess you're not familiar with how path.join works, because as coded here it won't resolve to a directory outside of cwd directory branch.
`fs.exists` is deprecated. `fs.statSync` can be used to check whether the file path exists, as in dkebler's code above.
Thank you for this!
Incredible article, thanks for sharing it! I think this article will also be useful for you - Node js vs Python.
Thanks a lot for info! Was searching for it! The Attract Group's blog on lean product development provides a clear and concise overview, offering valuable insights into the methodology's principles and benefits. Their approach emphasizing efficiency and customer value is particularly compelling, providing a useful resource for entrepreneurs looking to streamline their development process and reduce waste.
Thanks a lot, but it can be hijacked