oxen-io
/
session-open-group-server-legacy
mirror of https://github.com/oxen-io/session-open-group-server-legacy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

loki/v1/f/ - allow \. in file extensions/use fileUploadPath so can be unit tested

This commit is contained in:
Ryan Tharp 2021-03-03 04:14:43 +00:00
parent c680ed2b4b
commit 471b923065
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dialects/nodepomf/dialect.loki_nodepomf.js
View File

@ -88,10 +88,10 @@ module.exports = (app, prefix) => {
/// ************************************************
app.use(prefix + '/loki/v1/f/:file', function(req, res) {
const safePath = req.params.file.replace(/[\.\/]/g, '');
const safePath = req.params.file.replace(/\.\.\//g, '');
try {
const buf = fs.readFileSync('files/' + safePath);
const buf = fs.readFileSync(fileUploadPath + '/' + safePath);
/// NOTE: attachments in private conversations are saved under
/// `/root/nodepomf/files/` (not in `files/` relative to current dir)