Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: improper handling of scheme-relative URLs in topic thumb logic

Browse Source
This commit is contained in:
Julian Lam
2020-11-23 14:15:57 -05:00
parent abc32d6270
commit 4ca62dc45b
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/topics/thumb.js
View File

@@ -23,6 +23,11 @@ module.exports = function (Topics) {
const pipeToFileAsync = util.promisify(pipeToFile); const pipeToFileAsync = util.promisify(pipeToFile);
Topics.resizeAndUploadThumb = async function (data) { Topics.resizeAndUploadThumb = async function (data) {
// Handle protocol-relative URLs
if (data.thumb.startsWith('//')) {
data.thumb = `${nconf.get('secure') ? 'https' : 'http'}:${data.thumb}`;
}
// Only continue if passed in thumbnail exists and is a URL. A system path means an upload is not necessary. // Only continue if passed in thumbnail exists and is a URL. A system path means an upload is not necessary.
if (!data.thumb || !validator.isURL(data.thumb)) { if (!data.thumb || !validator.isURL(data.thumb)) {
return; return;