Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #9040

Browse Source
This commit is contained in:
Julian Lam
2020-12-03 13:50:30 -05:00
parent 1949d20a87
commit 708b1c338f
3 changed files with 2 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/controllers/write/topics.js
View File

@@ -115,6 +115,6 @@ Topics.addThumb = async (req, res) => {
}; };
Topics.deleteThumb = async (req, res) => { Topics.deleteThumb = async (req, res) => {
await topics.thumbs.delete(req.params.tid, req.query.path); await topics.thumbs.delete(req.params.tid, req.body.path);
helpers.formatApiResponse(200, res, await topics.thumbs.get(req.params.tid)); helpers.formatApiResponse(200, res, await topics.thumbs.get(req.params.tid));
}; };

10
src/middleware/assert.js
View File

@@ -44,15 +44,6 @@ Assert.topic = helpers.try(async (req, res, next) => {
next(); next();
}); });
Assert.topicThumb = helpers.try(async (req, res, next) => {
// thumbs are parsed out of req.query
if (!await topics.thumbs.exists(req.params.tid, req.query.path)) {
return controllerHelpers.formatApiResponse(404, res, new Error('[[error:invalid-file]]'));
}
next();
});
Assert.post = helpers.try(async (req, res, next) => { Assert.post = helpers.try(async (req, res, next) => {
if (!await posts.exists(req.params.pid)) { if (!await posts.exists(req.params.pid)) {
return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-topic]]')); return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-topic]]'));
@@ -67,7 +58,6 @@ Assert.path = helpers.try(async (req, res, next) => {
req.body.path = new URL(req.body.path).pathname; req.body.path = new URL(req.body.path).pathname;
} }
// Checks file exists and is within bounds of upload_path
const pathToFile = path.join(nconf.get('upload_path'), req.body.path); const pathToFile = path.join(nconf.get('upload_path'), req.body.path);
res.locals.cleanedPath = pathToFile; res.locals.cleanedPath = pathToFile;

2
src/routes/write/topics.js
View File

@@ -35,7 +35,7 @@ module.exports = function () {
setupApiRoute(router, 'delete', '/:tid/tags', [...middlewares, middleware.assert.topic], controllers.write.topics.deleteTags); setupApiRoute(router, 'delete', '/:tid/tags', [...middlewares, middleware.assert.topic], controllers.write.topics.deleteTags);
setupApiRoute(router, 'post', '/:tid/thumbs', [multipartMiddleware, middleware.validateFiles, ...middlewares], controllers.write.topics.addThumb); setupApiRoute(router, 'post', '/:tid/thumbs', [multipartMiddleware, middleware.validateFiles, ...middlewares], controllers.write.topics.addThumb);
setupApiRoute(router, 'delete', '/:tid/thumbs', [...middlewares, middleware.assert.topic, middleware.assert.topicThumb], controllers.write.topics.deleteThumb); setupApiRoute(router, 'delete', '/:tid/thumbs', [...middlewares, middleware.assert.topic, middleware.assert.path], controllers.write.topics.deleteThumb);
return router; return router;
}; };