diff --git a/js/client/modules/org/arangodb/foxx/manager.js b/js/client/modules/org/arangodb/foxx/manager.js index ec1015af4f..1861ec6d1a 100644 --- a/js/client/modules/org/arangodb/foxx/manager.js +++ b/js/client/modules/org/arangodb/foxx/manager.js @@ -304,7 +304,7 @@ [ appInfo, mount ] ); utils.validateMount(mount); - if (/^((\/)|(\.\/)|(\.\.\/))/.test(appInfo)) { + if (utils.pathRegex.test(appInfo)) { appInfo = moveAppToServer(appInfo); } var res; diff --git a/js/common/modules/org/arangodb/foxx/manager-utils.js b/js/common/modules/org/arangodb/foxx/manager-utils.js index f1bcb044bb..0087d36c95 100644 --- a/js/common/modules/org/arangodb/foxx/manager-utils.js +++ b/js/common/modules/org/arangodb/foxx/manager-utils.js @@ -41,6 +41,7 @@ var ArangoError = arangodb.ArangoError; var mountRegEx = /^(\/[a-zA-Z0-9_\-%]+)+$/; var mountAppRegEx = /\/APP(\/|$)/i; var mountNumberRegEx = /^\/[\d\-%]/; +var pathRegex = /^((\.{0,2}(\/|\\))|(~\/)|[a-zA-Z]:\\)/; var getStorage = function() { "use strict"; @@ -487,6 +488,7 @@ exports.validateMount = validateMount; exports.typeToRegex = typeToRegex; exports.zipDirectory = zipDirectory; exports.getStorage = getStorage; +exports.pathRegex = pathRegex; // ----------------------------------------------------------------------------- // --SECTION-- END-OF-FILE diff --git a/js/server/modules/org/arangodb/foxx/manager.js b/js/server/modules/org/arangodb/foxx/manager.js index cf757ae204..76f56893bc 100644 --- a/js/server/modules/org/arangodb/foxx/manager.js +++ b/js/server/modules/org/arangodb/foxx/manager.js @@ -720,7 +720,7 @@ installAppFromRemote(buildGithubUrl(appInfo), targetPath); } else if (/^https?:/i.test(appInfo)) { installAppFromRemote(appInfo, targetPath); - } else if (/^((\/)|(\.\/)|(\.\.\/))/.test(appInfo)) { + } else if (utils.pathRegex.test(appInfo)) { installAppFromLocal(appInfo, targetPath); } else if (/^uploads\/tmp-/.test(appInfo)) { // Install from upload API