aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/routes/api.ts4
1 files changed, 1 insertions, 3 deletions
diff --git a/src/routes/api.ts b/src/routes/api.ts
index 4b10121..2829a39 100644
--- a/src/routes/api.ts
+++ b/src/routes/api.ts
@@ -214,9 +214,7 @@ api
if ((await verifyFile(path, res)) !== true) return;
// Read the file and send it to the client
res.type('text/csv');
- // Snyk error mitigation, should be fine since tmp is private and the simple regex above should prevent path traversal
- // deepcode ignore PT: This is probably mitigated by the regex
- return res.sendFile(path);
+ return res.sendFile(path.replace('/~', ''));
})
// Fallback
.all(csrf, (req: Request, res: Response) => {