fix: check brand:touchIcon for correct path
@@ -145,12 +145,18 @@ middleware.logApiUsage = async function logApiUsage(req, res, next) {
|
|||||||
};
|
};
|
||||||
|
|
||||||
middleware.routeTouchIcon = function routeTouchIcon(req, res) {
|
middleware.routeTouchIcon = function routeTouchIcon(req, res) {
|
||||||
if (meta.config['brand:touchIcon'] && validator.isURL(meta.config['brand:touchIcon'])) {
|
const brandTouchIcon = meta.config['brand:touchIcon'];
|
||||||
return res.redirect(meta.config['brand:touchIcon']);
|
if (brandTouchIcon && validator.isURL(brandTouchIcon)) {
|
||||||
|
return res.redirect(brandTouchIcon);
|
||||||
}
|
}
|
||||||
|
|
||||||
let iconPath = '';
|
let iconPath = '';
|
||||||
if (meta.config['brand:touchIcon']) {
|
if (brandTouchIcon) {
|
||||||
iconPath = path.join(nconf.get('upload_path'), meta.config['brand:touchIcon'].replace(/assets\/uploads/, ''));
|
const uploadPath = nconf.get('upload_path');
|
||||||
|
iconPath = path.join(uploadPath, brandTouchIcon.replace(/assets\/uploads/, ''));
|
||||||
|
if (!iconPath.startsWith(uploadPath)) {
|
||||||
|
return res.status(404).send('Not found');
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
iconPath = path.join(nconf.get('base_dir'), 'public/images/touch/512.png');
|
iconPath = path.join(nconf.get('base_dir'), 'public/images/touch/512.png');
|
||||||
}
|
}
|
||||||
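Review bot: The new containment check `if (!iconPath.startsWith(uploadPath))` in routeTouchIcon is a plain string-prefix comparison, so a joined path that resolves into a sibling directory whose name merely begins with the upload directory's name still passes. It also compares the normalized output of `path.join` against `upload_path` exactly as configured, so a relative or trailing-slash value there would presumably make valid icons return 404. Comparing resolved paths with a separator closes both gaps: `const uploadRoot = path.resolve(uploadPath);` followed by `if (!path.resolve(iconPath).startsWith(uploadRoot + path.sep)) {`. A short comment above the check, such as `// brand:touchIcon is config-supplied; never serve a file outside upload_path`, would record why it exists. The rest of routeTouchIcon, where iconPath is presumably served, lies outside this hunk.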
|
|||||||
@@ -6,8 +6,8 @@ const fs = require('fs');
|
|||||||
const path = require('path');
|
const path = require('path');
|
||||||
const util = require('util');
|
const util = require('util');
|
||||||
|
|
||||||
const request = require('../src/request');
|
|
||||||
const db = require('./mocks/databasemock');
|
const db = require('./mocks/databasemock');
|
||||||
|
const request = require('../src/request');
|
||||||
const api = require('../src/api');
|
const api = require('../src/api');
|
||||||
const categories = require('../src/categories');
|
const categories = require('../src/categories');
|
||||||
const topics = require('../src/topics');
|
const topics = require('../src/topics');
|
||||||
@@ -692,6 +692,16 @@ describe('Controllers', () => {
|
|||||||
assert(body);
|
assert(body);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('should 404 if brand:touchIcon is not valid', async () => {
|
||||||
|
const oldValue = meta.config['brand:touchIcon'];
|
||||||
|
meta.config['brand:touchIcon'] = '../../not/valid';
|
||||||
|
|
||||||
|
const { response, body } = await request.get(`${nconf.get('url')}/apple-touch-icon`);
|
||||||
|
assert.strictEqual(response.statusCode, 404);
|
||||||
|
assert.strictEqual(body, 'Not found');
|
||||||
|
meta.config['brand:touchIcon'] = oldValue;
|
||||||
|
})
|
||||||
|
|
||||||
|
|
||||||
it('should error if guests do not have search privilege', async () => {
|
it('should error if guests do not have search privilege', async () => {
|
||||||
const { response, body } = await request.get(`${nconf.get('url')}/api/users?query=bar§ion=sort-posts`);
|
const { response, body } = await request.get(`${nconf.get('url')}/api/users?query=bar§ion=sort-posts`);
|
||||||
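Review bot: The added test `should 404 if brand:touchIcon is not valid` restores `meta.config['brand:touchIcon'] = oldValue;` only after both assertions, so a failing assertion leaves the traversal value in the shared config and can cascade into later tests in the suite. Wrapping the request and the two assertions in `try { … } finally { meta.config['brand:touchIcon'] = oldValue; }` keeps the restore unconditional. The closing `})` of the test is also missing its semicolon, unlike the neighbouring tests. The test covers only `'../../not/valid'`; a second case whose value resolves next to the upload directory rather than above it would pin the boundary of the prefix check in the middleware.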
|
|||||||