From 4e5160de3b2270efa80d1165d56fbd8a7e5def0e Mon Sep 17 00:00:00 2001
From: jrtechs
Date: Mon, 10 Dec 2018 17:39:45 -0500
Subject: [PATCH] Fixed security issue with blog where .json and .js files were public to the web.
---
 includes/staticContentServer.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/includes/staticContentServer.js b/includes/staticContentServer.js
index f656c92..05a38d6 100644
--- a/includes/staticContentServer.js
+++ b/includes/staticContentServer.js
@@ -35,8 +35,11 @@ module.exports=
 //scripts
 else if (filename.includes(".js"))
 {
- includes.sendJS(result, baseURL + filename);
- return true;
+ if(baseURL.includes("includes/") || baseURL.includes("blogContent"))
+ {
+ includes.sendJS(result, baseURL + filename);
+ return true;
+ }
 }
 //html
 else if (filename.includes(".html"))
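Review bot: The added guard `baseURL.includes("includes/") || baseURL.includes("blogContent")` is a substring match, so any base path that merely contains one of those strings passes, and the enclosing `filename.includes(".js")` test still matches `.json` (and names such as `x.js.bak`), which means JSON files under the two allowed trees are presumably still sent by `sendJS`. The diff header also places this server module itself in `includes/`, so if that is the same directory the guard allows, server-side sources there may remain fetchable; an allowlist limited to the client-script directories would be tighter. Consider anchoring both tests, e.g. `if (filename.endsWith(".js") && (baseURL.startsWith("includes/") || baseURL.startsWith("blogContent")))`, adjusted to however `baseURL` is actually rooted. The surrounding function starts and ends outside the hunk, so what a rejected request falls through to, and whether `filename` is normalised against `../` before this point, cannot be confirmed here.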