From a85be25f1da241ffa5bb6e70600f5fe346214f1d Mon Sep 17 00:00:00 2001
From: Alejandro Romero Herrera
Date: Mon, 7 Sep 2020 17:07:07 +0300
Subject: [PATCH] Fix Path traversal vulnerability
---
 lib/quickserver.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/quickserver.js b/lib/quickserver.js
index 8a88249..e5efeb4 100644
--- a/lib/quickserver.js
+++ b/lib/quickserver.js
@@ -24,6 +24,7 @@ var http = require('http'),
 var serverLogic = function(request, response) {
+ request.url = request.url.replace(/(\.\.)/g, '');
 var uri = url.parse(request.url).pathname,
 filename = path.join(process.cwd(), uri);
@@ -87,4 +88,4 @@ else if(protocol === 'https') {
 lanIp.find(function(ip) {
 var server = protocol + '://' + ip + ':' + port;
 console.log('\nQuickserver running at:\n'.bold + server.inverse + '\nCTRL + C to shutdown');
-});
\ No newline at end of file
+});
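Review bot: The added `request.url.replace(/(\.\.)/g, '')` line in serverLogic filters the raw request string instead of checking where the joined path ends up, so containment relies on nothing later in the function decoding or re-normalising `uri`; the rest of the body lies outside this hunk, so that cannot be confirmed here. It also silently rewrites legitimate names (a request for `notes..txt` becomes `notes.txt`) and alters the query string, rather than rejecting the request. Consider leaving `request.url` untouched and validating the resolved path: `var root = process.cwd(), filename = path.resolve(root, '.' + uri);` followed by `if (filename !== root && filename.indexOf(root + path.sep) !== 0) { response.writeHead(403); response.end(); return; }`. A one-line comment above that check stating that served files must stay under the working directory would document the intent.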