Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-30 18:46:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

closes #6132

Browse Source
This commit is contained in:
Baris Usakli
2017-11-28 14:20:16 -05:00
parent 1ceb4ec795
commit d9c38c7e4f
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/controllers/index.js
View File

@@ -286,7 +286,7 @@ Controllers.outgoing = function (req, res, next) {
var allowedProtocols = ['http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn', 'tel', 'fax', 'xmpp', 'webcal']; var allowedProtocols = ['http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn', 'tel', 'fax', 'xmpp', 'webcal'];
var parsed = require('url').parse(url); var parsed = require('url').parse(url);
if (!url || !allowedProtocols.includes(parsed.protocol.slice(0, -1))) { if (!url || !parsed.protocol || !allowedProtocols.includes(parsed.protocol.slice(0, -1))) {
return next(); return next();
} }

9
test/controllers.js
View File

@@ -352,6 +352,15 @@ describe('Controllers', function () {
}); });
}); });
it('should 404 on /outgoing with invalid url', function (done) {
request(nconf.get('url') + '/outgoing?url=derp', function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 404);
assert(body);
done();
});
});
it('should load /tos', function (done) { it('should load /tos', function (done) {
meta.config.termsOfUse = 'please accept our tos'; meta.config.termsOfUse = 'please accept our tos';
request(nconf.get('url') + '/tos', function (err, res, body) { request(nconf.get('url') + '/tos', function (err, res, body) {