1
2
3
4
5
6
7
8
9
10
11
12
13
14
| 'use strict';
|
| // https://en.wikipedia.org/wiki/Directory_traversal_attack
| const isSafePath = require('../utils').isSafePath;
|
| module.exports = () => {
| return function dta(ctx, next) {
| const path = ctx.path;
| if (!isSafePath(path, ctx)) {
| ctx.throw(400);
| }
| return next();
| };
| };
|
|
