From 5a4d9e8d6ab587b4137fdec885c36b79b10b29f7 Mon Sep 17 00:00:00 2001
From: Alexander Akait <4567934+alexander-akait@users.noreply.github.com>
Date: Fri, 29 Mar 2024 14:07:57 +0300
Subject: [PATCH] fix: security problem (#1799)
---
 src/middleware.js | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/src/middleware.js b/src/middleware.js
index 82ca44bde..a0faed6f1 100644
--- a/src/middleware.js
+++ b/src/middleware.js
@@ -89,7 +89,7 @@ function wrapper(context) {
 resolve(next());
 },
- req
+ req,
 );
 });
 }
@@ -99,7 +99,8 @@ function wrapper(context) {
 const extra = {};
 const filename = getFilenameFromUrl(
 context,
- /** @type {string} */ (req.url)
+ /** @type {string} */ (req.url),
+ extra,
 );
 if (!filename) {
@@ -149,7 +150,7 @@ function wrapper(context) {
 */
 (header) => {
 setHeaderForResponse(res, header.key, header.value);
- }
+ },
 );
 }
@@ -165,7 +166,7 @@ function wrapper(context) {
 setHeaderForResponse(
 res,
 "Content-Type",
- context.options.mimeTypeDefault
+ context.options.mimeTypeDefault,
 );
 }
 }
@@ -213,7 +214,7 @@ function wrapper(context) {
 setHeaderForResponse(
 res,
 "Content-Range",
- getValueContentRangeHeader("bytes", size)
+ getValueContentRangeHeader("bytes", size),
 );
 setHeaderForResponse(res, "Content-Type", "text/html; charset=utf-8");
@@ -224,7 +225,7 @@ function wrapper(context) {
 setHeaderForResponse(
 res,
 "Content-Length",
- Buffer.byteLength(document)
+ Buffer.byteLength(document),
 );
 if (context.options.modifyResponseData) {
@@ -233,7 +234,7 @@ function wrapper(context) {
 req,
 res,
 document,
- byteLength
+ byteLength,
 ));
 }
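Review bot: The added `extra,` argument in the `getFilenameFromUrl(` call (hunk `@@ -99,7 +99,8 @@`) is the only behavioural change in this patch, yet neither the subject line nor the code says what it fixes; every other hunk only adds trailing commas. Before this change `extra` was created as `{}` and never handed to the callee, so anything the rest of `wrapper` reads from it after the `if (!filename)` check was presumably always empty; the callee and those later reads lie outside the hunk, so this is inferred. I would add a comment above the call, `// extra is an out-parameter: getFilenameFromUrl writes to it and code further down reads it`, and move the formatting-only changes to a separate commit so the fix can be reviewed and backported on its own. The patch touches only src/middleware.js, so a regression test for the request that motivated the fix is not visible here and should accompany it.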
@@ -242,11 +243,11 @@ function wrapper(context) {
 return;
 } else if (parsedRanges === -2) {
 context.logger.error(
- "A malformed 'Range' header was provided. A regular response will be sent for this request."
+ "A malformed 'Range' header was provided. A regular response will be sent for this request.",
 );
 } else if (parsedRanges.length > 1) {
 context.logger.error(
- "A 'Range' header with multiple ranges was provided. Multiple ranges are not supported, so a regular response will be sent for this request."
+ "A 'Range' header with multiple ranges was provided. Multiple ranges are not supported, so a regular response will be sent for this request.",
 );
 }
@@ -259,8 +260,8 @@ function wrapper(context) {
 getValueContentRangeHeader(
 "bytes",
 size,
- /** @type {import("range-parser").Ranges} */ (parsedRanges)[0]
- )
+ /** @type {import("range-parser").Ranges} */ (parsedRanges)[0],
+ ),
 );
 [{ start, end }] = parsedRanges;
@@ -304,7 +305,7 @@ function wrapper(context) {
 req,
 res,
 bufferOrStream,
- byteLength
+ byteLength,
 ));
 }