h3 1.15.6 → 1.15.7
- package/dist/index.cjs +11 -12
- package/dist/index.mjs +11 -12
- package/package.json +1 -1
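--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -1674,7 +1674,7 @@ async function serveStatic(event, options) {
 const originalId = ufo.decodePath(
 ufo.withLeadingSlash(ufo.withoutTrailingSlash(ufo.parseURL(event.path).pathname))
 );
-if (
+if (/(^|[\\/])\.\.($|[\\/])/.test(originalId)) {
 if (!options.fallthrough) {
 throw createError({ statusCode: 404 });
 }
@@ -1906,15 +1906,6 @@ function isEventHandler(input) {
 return hasProp(input, "__is_handler__");
 }
 function toEventHandler(input, _, _route) {
-if (!isEventHandler(input)) {
-console.warn(
-"[h3] Implicit event handler conversion is deprecated. Use `eventHandler()` or `fromNodeMiddleware()` to define event handlers.",
-_route && _route !== "/" ? `
-Route: ${_route}` : "",
-`
-Handler: ${input}`
-);
-}
 return input;
 }
 function dynamicEventHandler(initial) {
@@ -2008,7 +1999,8 @@ function createAppEventHandler(stack, options) {
 const spacing = options.debug ? 2 : void 0;
 return eventHandler(async (event) => {
 event.node.req.originalUrl = event.node.req.originalUrl || event.node.req.url || "/";
-const _reqPath = event._path || event.node.req.url || "/";
+const _reqPath = _decodePath(event._path || event.node.req.url || "/");
+event._path = _reqPath;
 let _layerPath;
 if (options.onRequest) {
 await options.onRequest(event);
@@ -2158,6 +2150,13 @@ function cachedFn(fn) {
 return cache;
 };
 }
+function _decodePath(url) {
+const qIndex = url.indexOf("?");
+if (qIndex === -1) {
+return ufo.decodePath(url);
+}
+return ufo.decodePath(url.slice(0, qIndex)) + url.slice(qIndex);
+}
 function websocketOptions(evResolver, appOptions) {
 return {
 ...appOptions.websocket,
@@ -2197,7 +2196,7 @@ function createRouter(opts = {}) {
 addRoute(path, handler, m);
 }
 } else {
-route.handlers[method] = toEventHandler(handler
+route.handlers[method] = toEventHandler(handler);
 }
 return router;
 };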
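Review bot: In the `createAppEventHandler` hunk the decode is not guarded against repetition: `_decodePath` reads `event._path` first and the result is written back to `event._path`, so if this handler runs more than once for the same event (for instance an app mounted inside another, which is not visible here) the path is decoded again, and `serveStatic` in the first hunk applies `ufo.decodePath` to `event.path` once more. With repeated decoding a `%25`-encoded sequence can change form between the layer-prefix match and the code that finally uses the path, which is the kind of canonicalisation mismatch this decode appears meant to close. I would state the contract next to the assignment, e.g. `// Path is percent-decoded exactly once here; downstream code must not decode event.path again.`, and make any path check run on the final decoded form, as the `..` test on `originalId` already does. A regression test that sends a doubly encoded segment to a prefixed layer would pin the behaviour. The same lines appear in package/dist/index.mjs, and the handler body continues outside the hunk.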
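--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -1667,7 +1667,7 @@ async function serveStatic(event, options) {
 const originalId = decodePath(
 withLeadingSlash(withoutTrailingSlash(parseURL(event.path).pathname))
 );
-if (
+if (/(^|[\\/])\.\.($|[\\/])/.test(originalId)) {
 if (!options.fallthrough) {
 throw createError({ statusCode: 404 });
 }
@@ -1899,15 +1899,6 @@ function isEventHandler(input) {
 return hasProp(input, "__is_handler__");
 }
 function toEventHandler(input, _, _route) {
-if (!isEventHandler(input)) {
-console.warn(
-"[h3] Implicit event handler conversion is deprecated. Use `eventHandler()` or `fromNodeMiddleware()` to define event handlers.",
-_route && _route !== "/" ? `
-Route: ${_route}` : "",
-`
-Handler: ${input}`
-);
-}
 return input;
 }
 function dynamicEventHandler(initial) {
@@ -2001,7 +1992,8 @@ function createAppEventHandler(stack, options) {
 const spacing = options.debug ? 2 : void 0;
 return eventHandler(async (event) => {
 event.node.req.originalUrl = event.node.req.originalUrl || event.node.req.url || "/";
-const _reqPath = event._path || event.node.req.url || "/";
+const _reqPath = _decodePath(event._path || event.node.req.url || "/");
+event._path = _reqPath;
 let _layerPath;
 if (options.onRequest) {
 await options.onRequest(event);
@@ -2151,6 +2143,13 @@ function cachedFn(fn) {
 return cache;
 };
 }
+function _decodePath(url) {
+const qIndex = url.indexOf("?");
+if (qIndex === -1) {
+return decodePath(url);
+}
+return decodePath(url.slice(0, qIndex)) + url.slice(qIndex);
+}
 function websocketOptions(evResolver, appOptions) {
 return {
 ...appOptions.websocket,
@@ -2190,7 +2189,7 @@ function createRouter(opts = {}) {
 addRoute(path, handler, m);
 }
 } else {
-route.handlers[method] = toEventHandler(handler
+route.handlers[method] = toEventHandler(handler);
 }
 return router;
 };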