Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-01 19:46:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

closes

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2018-07-09 14:57:42 -04:00
parent cfb9784527
commit 85a55d1740
3 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/middleware/index.js
View File

@@ -145,8 +145,14 @@ middleware.privateUploads = function (req, res, next) {
if (req.loggedIn || parseInt(meta.config.privateUploads, 10) !== 1) {
return next();
}
if (req.path.startsWith(nconf.get('relative_path') + '/assets/uploads/files')) {
return res.status(403).json('not-allowed');
var extensions = (meta.config.privateUploadsExtensions || '').split(',').filter(Boolean);
var ext = path.extname(req.path);
ext = ext ? ext.replace(/^\./, '') : ext;
if (!extensions.length || extensions.includes(ext)) {
return res.status(403).json('not-allowed');
}
}
next();
};