Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 08:36:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: make sure theme screenshot starts with themeDir

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2024-12-10 10:37:48 -05:00
parent 38520769a3
commit 3b713afed3
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/controllers/admin/themes.js
View File

@@ -20,12 +20,18 @@ themesController.get = async function (req, res, next) {
themeConfig = JSON.parse(themeConfig);
} catch (err) {
if (err.code === 'ENOENT') {
return next(Error('invalid-data'));
return next(Error('[[error:invalid-data]]'));
}
return next(err);
}
const screenshotPath = themeConfig.screenshot ? path.join(themeDir, themeConfig.screenshot) : defaultScreenshotPath;
const exists = await file.exists(screenshotPath);
const screenshotPath = themeConfig.screenshot ?
path.join(themeDir, themeConfig.screenshot) :
'';
if (screenshotPath && !screenshotPath.startsWith(themeDir)) {
throw new Error('[[error:invalid-path]]');
}
const exists = screenshotPath ? await file.exists(screenshotPath) : false;
res.sendFile(exists ? screenshotPath : defaultScreenshotPath);
};