git.s-ol.nu mmm / 16402fb
fix the glaring security vulnerability i just implemented s-ol 2 years ago
2 changed file(s) with 20 addition(s) and 12 deletion(s).
2020 server = require 'http.server'
2121 headers = require 'http.headers'
2222
23 export UNSAFE
24
2325 class Server
2426 new: (@store, opts={}) =>
2527 opts = {k,v for k,v in pairs opts}
2729 opts.port = 8000 unless opts.port
2830 opts.onstream = @\stream
2931 opts.onerror = @\error
32
33 if opts.host == 'localhost'
34 UNSAFE = true
3035
3136 @editable_paths = opts.editable_paths
3237
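Review bot: `UNSAFE` is set as a process-wide global from inside `new` on the exact match `opts.host == 'localhost'`, so the decision to register code-loading converts is implicit and tied to a bind address rather than to an explicit operator choice. A loopback bind limits remote reachability but not other local users or processes, and whether a page in a local browser can reach the write paths depends on request handling not visible here. An explicit opt-in would be easier to audit, e.g. `UNSAFE = true if opts.unsafe`, where `unsafe` is a new, documented option (the name is only a suggestion). The flag is never cleared, so any Server constructed later in the same process inherits it, and the converts code further down this page appears to read it once at load time, which makes the outcome depend on require order. At minimum, document it at the declaration: `-- UNSAFE (global): when true, converts that load and run Lua/MoonScript source are registered`.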
127127
128128 assert 1 == parent.childElementCount, "text/html with more than one child!"
129129 parent.firstElementChild
130 }
131 {
132 inp: 'text/lua -> (.+)',
133 out: '%1',
134 cost: 0.5
135 transform: loadwith load or loadstring
136130 }
137131 {
138132 inp: 'mmm/tpl -> (.+)',
237231 }
238232 }
239233
234 if MODE == 'CLIENT' or UNSAFE
235 table.insert converts, {
236 inp: 'text/lua -> (.+)',
237 out: '%1',
238 cost: 0.5
239 transform: loadwith load or loadstring
240 }
241
240242 add_converts = (module) ->
241243 ok, plugin = pcall require, ".plugins.#{module}"
242244
264266 ok, moon = pcall require, 'moonscript.base'
265267 if ok
266268 _load = moon.load or moon.loadstring
267 table.insert converts, {
268 inp: 'text/moonscript -> (.+)',
269 out: '%1',
270 cost: 1
271 transform: loadwith moon.load or moon.loadstring
272 }
269 if UNSAFE
270 table.insert converts, {
271 inp: 'text/moonscript -> (.+)',
272 out: '%1',
273 cost: 1
274 transform: loadwith moon.load or moon.loadstring
275 }
273276
274277 table.insert converts, {
275278 inp: 'text/moonscript -> (.+)',