coolaj86
/
serve-tpl-download.js
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

v1.0.4: SECURITY check file.stat & 0o0004 to ignore privatefiles

This commit is contained in:
AJ ONeal 2018-08-12 04:09:24 -06:00
parent 152fc735ac
commit 5e4f9915e4
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
index.js
View File

@ -108,7 +108,7 @@ function createHtmlFileList(opts, files, dir, useIcons, view) {
: '';
var OCTAL = 8;
var WORLD_READ = parseInt(4, OCTAL); // R(4)W(2)X(1)
var hasWorldRead = file.mode | WORLD_READ;
var hasWorldRead = file.stat.mode & WORLD_READ;
if (!hasWorldRead && 'ignore' === opts.privatefiles) {
return '';

2
package.json
View File

@ -1,6 +1,6 @@
{
"name": "serve-tpl-attachment",
"version": "1.0.3",
"version": "1.0.4",
"description": "A template for serve-static with a direct download option (requires serve-index)",
"homepage": "https://git.coolaj86.com/coolaj86/serve-tpl-download.js",
"main": "index.js",