From 414033de9dff66a327e3f3243234852f468a9d85 Mon Sep 17 00:00:00 2001
From: NGPixel
Date: Fri, 3 Dec 2021 22:30:22 -0500
Subject: [PATCH] fix: asset path traversal on windows
---
 server/helpers/page.js | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/server/helpers/page.js b/server/helpers/page.js
index e2e03648..12d4b022 100644
--- a/server/helpers/page.js
+++ b/server/helpers/page.js
@@ -35,6 +35,8 @@ module.exports = {
 rawPath = rawPath.replace(unsafeCharsRegex, '')
 if (rawPath === '') { rawPath = 'home' }
+ rawPath = rawPath.replaceAll('\\', '').replaceAll('//', '').replaceAll(/\.\.+/ig, '')
+ // Extract Info
 let pathParts = _.filter(_.split(rawPath, '/'), p => {
 p = _.trim(p)
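Review bot: The added line calls `String.prototype.replaceAll`, which exists only from Node.js 15, so on an older runtime any call that reaches it would throw a TypeError instead of sanitizing the path; the same result is available on every version with `rawPath = rawPath.replace(/\\/g, '').replace(/\/\//g, '').replace(/\.\.+/g, '')` (the `i` flag on the dot pattern has no effect and can be dropped). The passes are also order-dependent: the dot pass runs last, so `a/../b` becomes `a//b` after the `//` pass has already run, and the code then relies on the segment filter that follows, whose body continues outside this hunk, to discard the empty segment. The new line also sits after the `rawPath === ''` fallback, so an input made up only of stripped characters is left empty rather than becoming `'home'`; moving the fallback below the new line would cover that. Because stripping is a deny-list, the code that maps the parsed path onto the file system (not visible here) should still resolve the final path and confirm it stays under the intended base directory.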