minimalistic-server 0.0.67 → 0.0.69
- package/index.mjs +24 -6
- package/package.json +1 -1
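--- a/package/index.mjs
+++ b/package/index.mjs
@@ -23,6 +23,24 @@ function setObjectProperty(object, name, value, enumerable = true, writable = tr
 )
 }
 
+function safeDecodeUri(str, defaultValue = '') {
+try {
+return decodeURI(str)
+} catch (error) {
+safePrint(error, true);
+return defaultValue;
+}
+}
+
+function safeDecodeUriComponent(str, defaultValue = '') {
+try {
+return decodeURIComponent(str)
+} catch (error) {
+safePrint(error, true);
+return defaultValue;
+}
+}
+
 function safePrint(data, isError = false) {
 try {
 if (isError) {
@@ -42,7 +60,7 @@ const escapeHtmlMap = {
 "<": "<",
 ">": ">",
 '"': """,
-"'": "
+"'": "'",
 }
 
 const unescapeHtmlMap = {
@@ -1161,8 +1179,8 @@ export class Request {
 
 const info = body.toString('utf-8', position.start, end);
 
-const name =
-const fileName =
+const name = safeDecodeUriComponent(info.match(/(?<=name=")[^"]*/gm)?.[0] ?? '');
+const fileName = safeDecodeUriComponent(info.match(/(?<=filename=")[^"]*/gm)?.[0] ?? '');
 const contentType = info.match(/(?<=^Content-Type:)[^\n]+/gm)?.[0]?.trim() ?? '';
 
 if (!name) {
@@ -1225,7 +1243,7 @@ export class Request {
 (this.#headers?.['cookie'] ?? '')
 .split(/\s*;\s*/gm)
 .map(s => s.split(/\s*=\s*/gm))
-.map(x => [
+.map(x => [safeDecodeUriComponent(x[0] ?? ''), safeDecodeUriComponent(x[1] ?? '')])
 );
 }
 
@@ -2464,7 +2482,7 @@ async function handleRequest(req, routes, staticFileDirectories, handleNotFoundE
 
 if (staticFileOrDirectory) {
 routeHandler = () => {
-const filePath =
+const filePath = safeDecodeUri(path, staticFileOrDirectory.urlPath)
 .replace(staticFileOrDirectory.urlPath, staticFileOrDirectory.serverFilePath)
 .replaceAll('\\', '/')
 .split('/')
@@ -2528,7 +2546,7 @@ async function handleRequest(req, routes, staticFileDirectories, handleNotFoundE
 result = getRouteHandler(fragments, newRoot, methodPath, accumulatedPathParams);
 
 if (result) {
-setObjectProperty(accumulatedPathParams, k.replace(/[{}]/gm, ''),
+setObjectProperty(accumulatedPathParams, k.replace(/[{}]/gm, ''), safeDecodeUriComponent(fragment));
 break;
 }
 }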
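Review bot: In the static-file hunk, `safeDecodeUri(path, staticFileOrDirectory.urlPath)` decodes the request path before it is mapped onto `serverFilePath`, so percent-encoded dots and backslashes now arrive as literal `.` and `\` characters, and the backslash is then turned into `/` by `.replaceAll('\\', '/')`. The segment handling after `.split('/')` lies outside the hunk, so it cannot be confirmed here that `..` segments and NUL characters are rejected after decoding; a containment check that the resolved path still lies under `serverFilePath` would make that independent of the segment filter. A malformed escape also falls back to `urlPath` without any signal to the client, so the request resolves to the static root where a 400 response would be clearer. The same decoding is now applied to the multipart `fileName` and to path parameters via `safeDecodeUriComponent`, so encoded separators reach handlers as literal `/`; a comment such as `// percent-decoded: may contain '/', '..' or NUL, validate before using as a path` on those lines would warn consumers.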