tqt/Ghost
2
1
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2023-12-13 21:00:40 +01:00
Code Issues 1 Releases Wiki Activity

Restrict uncapitalise middleware for API

Browse source 
no ref
- Do not lowercase anything after /api/v0.1/<resource>/ to protect :key/:slug
This commit is contained in:
Fabian Becker 2014-08-29 21:48:58 +02:00
parent 19465af6cf
commit a0b7941439
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
core/server/middleware/index.js
View file

@ -155,11 +155,17 @@ function redirectToSetup(req, res, next) {
// Detect uppercase in req.path
function uncapitalise(req, res, next) {
var pathToTest = req.path,
isSignupOrReset = req.path.match(/(\/ghost\/(signup|reset)\/)/i);
isSignupOrReset = req.path.match(/(\/ghost\/(signup|reset)\/)/i),
isAPI = req.path.match(/(\/ghost\/api\/v0[\d\.]+\/.*?\/)/i);
if (isSignupOrReset) {
pathToTest = isSignupOrReset[1];
}
// Do not lowercase anything after /api/v0.1/ to protect :key/:slug
if (isAPI) {
pathToTest = isAPI[1];
}
if (/[A-Z]/.test(pathToTest)) {
res.set('Cache-Control', 'public, max-age=' + utils.ONE_YEAR_S);