From 35c428b28067d33bcd2041c26633f4036ad355c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Bla=C5=BEej?= <trogper@gmail.com>
Date: Fri, 24 Dec 2021 12:26:17 +0100
Subject: [PATCH] add basic basepath sanitization

---
 server/server.js | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/server/server.js b/server/server.js
index 958aba691..23218f506 100644
--- a/server/server.js
+++ b/server/server.js
@@ -76,7 +76,15 @@ if (hostname) {
 
 const port = parseInt(process.env.UPTIME_KUMA_PORT || process.env.PORT || args.port || 3001);
 
-const basePath = process.env.UPTIME_KUMA_BASE_PATH || process.env.BASE_PATH || '/'
+let basePathEnv = process.env.UPTIME_KUMA_BASE_PATH || process.env.BASE_PATH || '/';
+
+if (!basePathEnv.startsWith('/'))
+    basePathEnv = '/' + basePathEnv;
+
+if (!basePathEnv.endsWith('/'))
+    basePathEnv = basePathEnv + '/';
+
+const basePath = basePathEnv;
 
 // SSL
 const sslKey = process.env.UPTIME_KUMA_SSL_KEY || process.env.SSL_KEY || args["ssl-key"] || undefined;