From 86d3b2ba811aa8168eb01a5a345d3b717889ab8a Mon Sep 17 00:00:00 2001
From: Adrian Lang
Date: Thu, 1 Sep 2011 23:24:51 +0200
Subject: [PATCH 1/2] Fix directory traversal See https://ada.adrianlang.de/etherpad-lite-directory-traversal
---
 node/server.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/node/server.js b/node/server.js
index 944e73703..3014423bd 100644
--- a/node/server.js
+++ b/node/server.js
@@ -99,7 +99,8 @@ async.waterfall([
 app.get('/static/*', function(req, res)
 {
 res.header("Server", serverName);
- var filePath = path.normalize(__dirname + "/.." + req.url.split("?")[0]);
+ var filePath = path.normalize(__dirname + "/.." +
+ req.url.replace(/\./g, '').split("?")[0]);
 res.sendfile(filePath, { maxAge: exports.maxAge });
 });
From 7557af3db7db392fc12bdab19e4bc27d0bf92d56 Mon Sep 17 00:00:00 2001
From: Adrian Lang
Date: Thu, 1 Sep 2011 23:24:51 +0200
Subject: [PATCH 2/2] Fix directory traversal fixing RegExp
---
 node/server.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/node/server.js b/node/server.js
index 3014423bd..2bebe6a24 100644
--- a/node/server.js
+++ b/node/server.js
@@ -100,7 +100,7 @@ async.waterfall([
 {
 res.header("Server", serverName);
 var filePath = path.normalize(__dirname + "/.." +
- req.url.replace(/\./g, '').split("?")[0]);
+ req.url.replace(/\.\./g, '').split("?")[0]);
 res.sendfile(filePath, { maxAge: exports.maxAge });
 });
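Review bot: The guard in PATCH 2/2 (and the broader `\.` form in PATCH 1/2) is a denylist substitution on the raw `req.url`, applied before any percent-decoding the `res.sendfile` layer may perform, so it holds only for the exact byte sequence the RegExp anticipates rather than establishing that the resolved path stays under the intended root. A containment check on the normalized result is the robust shape: `var staticRoot = path.normalize(__dirname + "/..");`, `var filePath = path.normalize(staticRoot + req.url.split("?")[0]);`, and `if (filePath.indexOf(staticRoot + "/") !== 0) { res.send(403); return; }` placed ahead of the `res.sendfile` call. Comparing against the root with its trailing separator avoids accepting a sibling directory whose name merely shares the prefix. Whether this Express version's `res.sendfile` also decodes or roots the path is not visible in the hunk, so the check should not rely on it. In PATCH 2/2 the enclosing `app.get` callback opens on the line above the hunk.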