From 97741005edfb237c7f594aeb0a84e2a458b8e686 Mon Sep 17 00:00:00 2001
From: Haider Ali <73281382+rmhaiderali@users.noreply.github.com>
Date: Sat, 27 Jul 2024 01:46:04 +0500
Subject: [PATCH] Do not serve files when path ends with / in windows (#224)

---
 index.js     | 4 +++-
 test/send.js | 6 ++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/index.js b/index.js
index 546c717..1e581b0 100644
--- a/index.js
+++ b/index.js
@@ -605,12 +605,14 @@ SendStream.prototype.sendFile = function sendFile (path) {
 
   debug('stat "%s"', path)
   fs.stat(path, function onstat (err, stat) {
-    if (err && err.code === 'ENOENT' && !extname(path) && path[path.length - 1] !== sep) {
+    var pathEndsWithSep = path[path.length - 1] === sep
+    if (err && err.code === 'ENOENT' && !extname(path) && !pathEndsWithSep) {
       // not found, check extensions
       return next(err)
     }
     if (err) return self.onStatError(err)
     if (stat.isDirectory()) return self.redirect(path)
+    if (pathEndsWithSep) return self.error(404)
     self.emit('file', path, stat)
     self.send(path, stat)
   })
diff --git a/test/send.js b/test/send.js
index 050e4b9..e399163 100644
--- a/test/send.js
+++ b/test/send.js
@@ -1194,6 +1194,12 @@ describe('send(file, options)', function () {
         .get('/')
         .expect(200, /tobi/, done)
     })
+
+    it('should 404 if file path contains trailing slash (windows)', function (done) {
+      request(createServer({ root: fixtures, index: false }))
+        .get('/tobi.html/')
+        .expect(404, done)
+    })
   })
 
   describe('root', function () {