From 3ee6843e2c3dc9afc0ee1a2760837953be2d665e Mon Sep 17 00:00:00 2001
From: Jafar Akhondali
Date: Fri, 26 Jul 2024 06:28:58 +0200
Subject: [PATCH] Block malicious looking requests to prevent path traversal attacks.
---
 server.js | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/server.js b/server.js
index 1d2e9d53f..db9e1911a 100644
--- a/server.js
+++ b/server.js
@@ -6,6 +6,11 @@ var http = require("http"),
 http.createServer(function(request, response) {
+ if (path.normalize(decodeURI(request.url)) !== decodeURI(request.url)) {
+ response.statusCode = 403;
+ response.end();
+ return;
+ }
 var Response = {
 "200":function(file, filename){
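Review bot: `decodeURI(request.url)` in the added guard throws a URIError on malformed percent-encoding, and nothing in the hunk catches it, so a single bad request can escape the `createServer` callback as an uncaught exception instead of being rejected. Decode once inside a `try`/`catch`, answer 400 on failure, and reuse the decoded string for the comparison, as sketched below. The comparison also runs on the whole URL, query string included, and `path.normalize` uses the platform's separators, so legitimate requests may receive a 403 (on Windows presumably every request). The callback continues past the end of the hunk, so how the file path is built is not visible; if the URL is decoded or joined again there, checking that the resolved path stays under the served root would be a more reliable guard than this string comparison.

```javascript
http.createServer(function(request, response) {
  var decodedUrl;
  try {
    decodedUrl = decodeURI(request.url);
  } catch (e) {
    // Malformed percent-encoding: reject the request rather than let URIError escape the handler.
    response.statusCode = 400;
    response.end();
    return;
  }
  if (path.normalize(decodedUrl) !== decodedUrl) {
    // … unchanged: 403 response and return …
  }
  // … unchanged: Response table and the rest of the handler …
```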