Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-27 17:16:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: make sure theme screenshot starts with themeDir

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2024-12-10 10:37:48 -05:00
parent 38520769a3
commit 3b713afed3
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/controllers/admin/themes.js
View File

@@ -20,12 +20,18 @@ themesController.get = async function (req, res, next) {
themeConfig = JSON.parse(themeConfig); themeConfig = JSON.parse(themeConfig);
} catch (err) { } catch (err) {
if (err.code === 'ENOENT') { if (err.code === 'ENOENT') {
return next(Error('invalid-data')); return next(Error('[[error:invalid-data]]'));
} }
return next(err); return next(err);
} }
const screenshotPath = themeConfig.screenshot ? path.join(themeDir, themeConfig.screenshot) : defaultScreenshotPath; const screenshotPath = themeConfig.screenshot ?
const exists = await file.exists(screenshotPath); path.join(themeDir, themeConfig.screenshot) :
'';
if (screenshotPath && !screenshotPath.startsWith(themeDir)) {
throw new Error('[[error:invalid-path]]');
}
const exists = screenshotPath ? await file.exists(screenshotPath) : false;
res.sendFile(exists ? screenshotPath : defaultScreenshotPath); res.sendFile(exists ? screenshotPath : defaultScreenshotPath);
}; };