diff --git a/src/backend/routes/main.js b/src/backend/routes/main.js
index 4d3232b9..8b4f9a53 100644
--- a/src/backend/routes/main.js
+++ b/src/backend/routes/main.js
@@ -3,6 +3,7 @@
const express = require('express');
const fs = require('fs');
const PACKAGE = require('../../../package.json');
+const path = require('path')
const router = express.Router({
caseSensitive: true,
@@ -29,15 +30,22 @@ router.get(/(.*)/, function (req, res, next) {
version: PACKAGE.version
});
} else {
- fs.readFile('dist' + req.params.page, 'utf8', function (err, data) {
- if (err) {
- res.render('index', {
- version: PACKAGE.version
- });
- } else {
- res.contentType('text/html').end(data);
- }
- });
+ var p = path.normalize('dist' + req.params.page)
+ if (p.startsWith('dist')) { // Allow access to ressources under 'dist' directory only.
+ fs.readFile(p, 'utf8', function (err, data) {
+ if (err) {
+ res.render('index', {
+ version: PACKAGE.version
+ });
+ } else {
+ res.contentType('text/html').end(data);
+ }
+ });
+ } else {
+ res.render('index', {
+ version: PACKAGE.version
+ });
+ }
}
});
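Review bot: The guard `p.startsWith('dist')` on the new `if` line is a bare string-prefix test, so it accepts any normalized path whose first component merely begins with `dist` (a sibling directory such as `dist-old`, for example), not only paths inside `dist/`. The path is also relative, so the result depends on the process working directory. Anchoring the check to the resolved root plus a separator closes both gaps: `var root = path.resolve('dist'); var p = path.join(root, req.params.page);` followed by `if (p.startsWith(root + path.sep)) {`. This assumes `req.params.page` is always a string; it is populated outside this hunk, and the `router.get` handler itself starts above it, so that should be confirmed against the full function.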
diff --git a/src/frontend/js/i18n/messages.json b/src/frontend/js/i18n/messages.json
index a51f27c6..dd095b07 100644
--- a/src/frontend/js/i18n/messages.json
+++ b/src/frontend/js/i18n/messages.json
@@ -57,7 +57,7 @@
},
"footer": {
"fork-me": "Fork me on Github",
- "copy": "© 2018 jc21.com.",
+ "copy": "© 2019 jc21.com.",
"theme": "Theme by Tabler"
},
"dashboard": {