From 471b923065b6cb00708bd17d98b571803cf4cf25 Mon Sep 17 00:00:00 2001
From: Ryan Tharp
Date: Wed, 3 Mar 2021 04:14:43 +0000
Subject: [PATCH] loki/v1/f/ - allow \. in file extensions/use fileUploadPath so can be unit tested
---
 dialects/nodepomf/dialect.loki_nodepomf.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dialects/nodepomf/dialect.loki_nodepomf.js b/dialects/nodepomf/dialect.loki_nodepomf.js
index 4077e30..e1a8e66 100644
--- a/dialects/nodepomf/dialect.loki_nodepomf.js
+++ b/dialects/nodepomf/dialect.loki_nodepomf.js
@@ -88,10 +88,10 @@ module.exports = (app, prefix) => {
 /// ************************************************
 app.use(prefix + '/loki/v1/f/:file', function(req, res) {
- const safePath = req.params.file.replace(/[\.\/]/g, '');
+ const safePath = req.params.file.replace(/\.\.\//g, '');
 try {
- const buf = fs.readFileSync('files/' + safePath);
+ const buf = fs.readFileSync(fileUploadPath + '/' + safePath);
 /// NOTE: attachments in private conversations are saved under
 /// `/root/nodepomf/files/` (not in `files/` relative to current dir)
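Review bot: The new `safePath` filter is weaker than the one it replaces and is no longer a sufficient traversal guard for the `fs.readFileSync` call below it. A single non-recursive `replace(/\.\.\//g, '')` can leave a parent-directory sequence behind once the removed text is spliced out, it ignores backslash separators, and it lets `/` through, which a URL-decoded route parameter may contain. Instead of deny-listing substrings, resolve the requested name against `fileUploadPath` and reject anything that does not sit directly inside that directory, which still allows dots in file extensions. The sketch below assumes `path` is already required in this file and that `res.status` is available (Express-style); the handler body continues past the end of the hunk.

```javascript
  app.use(prefix + '/loki/v1/f/:file', function(req, res) {
    // Resolve against the upload root and refuse anything that lands outside it.
    const root = path.resolve(fileUploadPath);
    const target = path.resolve(root, req.params.file);
    if (path.dirname(target) !== root) {
      return res.status(400).end();
    }

    try {
      const buf = fs.readFileSync(target);
      // … unchanged: rest of the handler …
```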