v1.0.4: SECURITY check file.stat & 0o0004 to ignore privatefiles
This commit is contained in:
parent
152fc735ac
commit
5e4f9915e4
2
index.js
2
index.js
|
@ -108,7 +108,7 @@ function createHtmlFileList(opts, files, dir, useIcons, view) {
|
|||
: '';
|
||||
var OCTAL = 8;
|
||||
var WORLD_READ = parseInt(4, OCTAL); // R(4)W(2)X(1)
|
||||
var hasWorldRead = file.mode | WORLD_READ;
|
||||
var hasWorldRead = file.stat.mode & WORLD_READ;
|
||||
|
||||
if (!hasWorldRead && 'ignore' === opts.privatefiles) {
|
||||
return '';
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "serve-tpl-attachment",
|
||||
"version": "1.0.3",
|
||||
"version": "1.0.4",
|
||||
"description": "A template for serve-static with a direct download option (requires serve-index)",
|
||||
"homepage": "https://git.coolaj86.com/coolaj86/serve-tpl-download.js",
|
||||
"main": "index.js",
|
||||
|
|
Loading…
Reference in New Issue