fix: Fix path traversal vulnerability

plankanban · Aug 3, 2022 · ac1df52 · ac1df52
1 parent fbe24c0
commit ac1df52
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 7 deletions.
diff --git a/server/api/controllers/attachments/download-thumbnail.js b/server/api/controllers/attachments/download-thumbnail.js
@@ -14,10 +14,6 @@ module.exports = {
       regex: /^[0-9]+$/,
       required: true,
     },
-    filename: {
-      type: 'string',
-      required: true,
-    },
   },
 
   exits: {
@@ -54,14 +50,14 @@ module.exports = {
       sails.config.custom.attachmentsPath,
       attachment.dirname,
       'thumbnails',
-      inputs.filename,
+      'cover-256.jpg',
     );
 
     if (!fs.existsSync(filePath)) {
       throw Errors.ATTACHMENT_NOT_FOUND;
     }
 
-    this.res.type(attachment.filename);
+    this.res.type('image/jpeg');
     this.res.set('Cache-Control', 'private, max-age=900'); // TODO: move to config
 
     return exits.success(fs.createReadStream(filePath));

diff --git a/server/config/routes.js b/server/config/routes.js
@@ -80,7 +80,7 @@ module.exports.routes = {
     skipAssets: false,
   },
 
-  'GET /attachments/:id/download/thumbnails/:filename': {
+  'GET /attachments/:id/download/thumbnails/cover-256.jpg': {
     action: 'attachments/download-thumbnail',
     skipAssets: false,
   },