Fixed again a critical bug with path travel...

Author: petersirka

index.js

@@ -7387,9 +7387,13 @@ F.$requestcontinue = function(req, res, headers) {
 
 		// Stops path travelsation outside of "public" directory
 		// A potential security issue
-		if (req.uri.pathname.indexOf('./') !== -1) {
-			req.$total_status(404);
-			return;
+		for (var i = 0; i < req.uri.pathname.length; i++) {
+			var c = req.uri.pathname[i];
+			var n = req.uri.pathname[i + 1];
+			if ((c === '.' && n === '/') || (c === '%' && n === '2' && req.uri.pathname[i + 2] === 'e')) {
+				req.$total_status(404);
+				return;
+			}
 		}
 
 		F.stats.request.file++;

package.json

@@ -99,7 +99,7 @@
         "name": "Sarp Aykent",
         "email": "[email protected]"
     }],
-    "version": "3.2.2",
+    "version": "3.2.3",
     "homepage": "http://www.totaljs.com",
     "bugs": {
         "url": "https://github.com/totaljs/framework/issues",