From 1361b61f99727da67df3f28905947335e41dda45 Mon Sep 17 00:00:00 2001
From: TerraDOOM
Date: Tue, 8 Nov 2022 14:53:55 +0000
Subject: [PATCH] Revert "Fix arbitrary file incusion"
---
 server/fileupload.js | 18 ++++--------------
 1 file changed, 4 insertions(+), 14 deletions(-)
diff --git a/server/fileupload.js b/server/fileupload.js
index 06612af..a7aa27c 100644
--- a/server/fileupload.js
+++ b/server/fileupload.js
@@ -1,19 +1,13 @@
 var fs = Npm.require('fs')
-var path = Npm.require('path')
-
-var basedir = "../../../../../uploaded/"
 
 Router.map(function() {
 this.route('files', {
 path: '/uploaded/:path',
 where: 'server',
 action: function() {
- var p = path.join(basedir, this.params.path)
- if (!p.startsWith(basedir)) {
- this.response.writeHead(400)
- return this.response.end()
- }
- var file = fs.readFileSync(p)
+ var path = this.params.path
+ var basedir = "../../../../../uploaded/"
+ var file = fs.readFileSync(basedir + path)
 this.response.writeHead(200)
 return this.response.end(file)
 }
@@ -23,11 +17,7 @@ Router.map(function() {
 
 Meteor.methods({
 "file-upload": function(info, data) {
- var p = path.join(basedir, info.name)
- if (!p.startsWith(basedir)) {
- this.response.writeHead(400)
- return this.response.end()
- }
+ var path = "../../../../../uploaded/" + info.name
 if(info.type.split("/")[0] == "image") {
 fs.writeFileSync(path, new Buffer(data, 'binary'))
 } else {
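Review bot: The restored `fs.readFileSync(basedir + path)` in the `/uploaded/:path` action concatenates `this.params.path` into a filesystem path with no containment check, so a name containing `..` segments may resolve outside the upload directory. The second hunk has the same defect on the write side with `"../../../../../uploaded/" + info.name`, where `info.name` is a method argument supplied by the client. If the revert was made because the earlier fix broke uploads (judging from the removed lines, it called `this.response` inside a Meteor method and used the name `path` for the module while the write calls expect a string), the check should come back in a working form rather than be dropped. I would resolve the name against an absolute base directory in one helper, answer 400 in the route and throw a `Meteor.Error` in the method, as sketched below. The method body continues past the end of the second hunk, so its write branches appear only as a placeholder.

```javascript
var fs = Npm.require('fs')
var nodePath = Npm.require('path')
var basedir = nodePath.resolve("../../../../../uploaded")

// Resolve a client-supplied name under basedir; null if it would land outside.
function resolveUpload(name) {
  var p = nodePath.resolve(basedir, String(name))
  return p.startsWith(basedir + nodePath.sep) ? p : null
}

// … unchanged: Router.map / route options …
    action: function() {
      var p = resolveUpload(this.params.path)
      if (!p) {
        this.response.writeHead(400)
        return this.response.end()
      }
      var file = fs.readFileSync(p)
// … unchanged: 200 response …

// … unchanged: Meteor.methods header …
  "file-upload": function(info, data) {
    var path = resolveUpload(info.name)
    if (!path) {
      throw new Meteor.Error(400, "invalid file name")
    }
// … unchanged: image / non-image write branches …
```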