From 5e4f9915e4ab1caa4b6acc7d0de5b7b21dd46e9c Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Sun, 12 Aug 2018 04:09:24 -0600
Subject: [PATCH] v1.0.4: SECURITY check file.stat & 0o0004 to ignore privatefiles
---
 index.js | 2 +-
 package.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/index.js b/index.js
index d86b0ec..da6f774 100644
--- a/index.js
+++ b/index.js
@@ -108,7 +108,7 @@ function createHtmlFileList(opts, files, dir, useIcons, view) {
 : '';
 var OCTAL = 8;
 var WORLD_READ = parseInt(4, OCTAL); // R(4)W(2)X(1)
- var hasWorldRead = file.mode | WORLD_READ;
+ var hasWorldRead = file.stat.mode & WORLD_READ;
 if (!hasWorldRead && 'ignore' === opts.privatefiles) {
 return '';
diff --git a/package.json b/package.json
index ed13318..84e6eae 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "serve-tpl-attachment",
- "version": "1.0.3",
+ "version": "1.0.4",
 "description": "A template for serve-static with a direct download option (requires serve-index)",
 "homepage": "https://git.coolaj86.com/coolaj86/serve-tpl-download.js",
 "main": "index.js",
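Review bot: The changed line in index.js reads `file.stat.mode` without checking that `file.stat` exists, so an entry that arrives without a stat would throw and break the whole listing; I believe serve-index can pass a null stat when the stat call fails (for example on a dangling symlink), but that is not visible in this hunk and should be confirmed. Failing closed keeps the privacy filter intact for such entries: `var hasWorldRead = Boolean(file.stat && (file.stat.mode & WORLD_READ));`. The check also deserves a comment such as `// Hides the row from the generated index only; direct requests for the path are handled by the static file middleware, not here.` so nobody mistakes it for access control. Because the old `|` expression was always truthy and the filter silently never applied, a regression test that lists a directory containing a mode-0600 file with `privatefiles: 'ignore'` would guard against this slipping back. createHtmlFileList starts and ends outside the hunk.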