starred/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-12-18 17:23:21 +03:00
Code Issues 418 Packages Projects Releases 12 Wiki Activity

fix: Fix path traversal vulnerability

Browse Source
This commit is contained in:
Maksim Eltyshev
2022-08-04 00:37:30 +02:00
parent fbe24c0fc0
commit ac1df5201d
2 changed files with 3 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
server/api/controllers/attachments/download-thumbnail.js
View File

@@ -14,10 +14,6 @@ module.exports = {
regex: /^[0-9]+$/, regex: /^[0-9]+$/,
required: true, required: true,
}, },
filename: {
type: 'string',
required: true,
},
}, },
exits: { exits: {
@@ -54,14 +50,14 @@ module.exports = {
sails.config.custom.attachmentsPath, sails.config.custom.attachmentsPath,
attachment.dirname, attachment.dirname,
'thumbnails', 'thumbnails',
inputs.filename, 'cover-256.jpg',
); );
if (!fs.existsSync(filePath)) { if (!fs.existsSync(filePath)) {
throw Errors.ATTACHMENT_NOT_FOUND; throw Errors.ATTACHMENT_NOT_FOUND;
} }
this.res.type(attachment.filename); this.res.type('image/jpeg');
this.res.set('Cache-Control', 'private, max-age=900'); // TODO: move to config this.res.set('Cache-Control', 'private, max-age=900'); // TODO: move to config
return exits.success(fs.createReadStream(filePath)); return exits.success(fs.createReadStream(filePath));

2
server/config/routes.js
View File

@@ -80,7 +80,7 @@ module.exports.routes = {
skipAssets: false, skipAssets: false,
}, },
'GET /attachments/:id/download/thumbnails/:filename': { 'GET /attachments/:id/download/thumbnails/cover-256.jpg': {
action: 'attachments/download-thumbnail', action: 'attachments/download-thumbnail',
skipAssets: false, skipAssets: false,
}, },