Sanitize some user inputs
parent
928ade376b
commit
8378c5fc74
|
@ -64,6 +64,7 @@
|
|||
"fluent-ffmpeg": "^2.1.2",
|
||||
"morgan": "^1.10.0",
|
||||
"nanoid": "^3.3.4",
|
||||
"sanitize-filename": "^1.6.3",
|
||||
"sharp": "^0.31.3",
|
||||
"tmp": "^0.2.1",
|
||||
"winston": "^3.8.2"
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
import fs from 'fs';
|
||||
import path from 'path';
|
||||
import fileType from 'file-type';
|
||||
import sanitize from "sanitize-filename";
|
||||
import { customAlphabet } from 'nanoid/async';
|
||||
import { getImagesFromDB, insertImageIntoDB } from '../utils/db';
|
||||
import logger from '../utils/logger';
|
||||
|
@ -98,7 +99,7 @@ export const getImages = async (
|
|||
export const getImage = async (filename: string): Promise<Image> => {
|
||||
try {
|
||||
logger.verbose(`Looking for file ${filename}...`);
|
||||
const file = fs.readFileSync(path.join(IMAGE_DIR, filename));
|
||||
const file = fs.readFileSync(path.join(IMAGE_DIR, sanitize(filename)));
|
||||
logger.verbose('Found.');
|
||||
const type = await fileType.fromBuffer(file);
|
||||
if (type === undefined) {
|
||||
|
@ -117,7 +118,7 @@ export const getImage = async (filename: string): Promise<Image> => {
|
|||
*/
|
||||
export const imageExists = async (filename: string): Promise<boolean> => {
|
||||
try {
|
||||
if (fs.existsSync(path.join(IMAGE_DIR, filename))) {
|
||||
if (fs.existsSync(path.join(IMAGE_DIR, sanitize(filename)))) {
|
||||
return true;
|
||||
}
|
||||
return false;
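Review bot: `sanitize(filename)` can return an empty string (the library reduces names such as `..`, or names made only of illegal characters, to `''`), and `path.join(IMAGE_DIR, '')` is then the image directory itself, so `imageExists` would report `true` for such input whenever that directory exists. In the `getImage` hunk the same input would reach `fs.readFileSync` with the directory path and fail there, and the `logger.verbose` line above it still records the raw, unsanitized value. Sanitizing also silently rewrites the name (path separators are dropped rather than refused), so a request can resolve to a different file than the one named; rejecting is safer than rewriting, e.g. `const safe = sanitize(filename); if (safe === '' || safe !== filename) return false;` in `imageExists`, with the equivalent throw in `getImage`. Both function bodies continue outside the hunks, so the existing catch handling is not visible here.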
|
||||
|
|
26
yarn.lock
26
yarn.lock
|
@ -14933,6 +14933,15 @@ __metadata:
|
|||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"sanitize-filename@npm:^1.6.3":
|
||||
version: 1.6.3
|
||||
resolution: "sanitize-filename@npm:1.6.3"
|
||||
dependencies:
|
||||
truncate-utf8-bytes: ^1.0.0
|
||||
checksum: aa733c012b7823cf65730603cf3b503c641cee6b239771d3164ca482f22d81a50e434a713938d994071db18e4202625669cc56bccc9d13d818b4c983b5f47fde
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"sanitize.css@npm:*":
|
||||
version: 13.0.0
|
||||
resolution: "sanitize.css@npm:13.0.0"
|
||||
|
@ -15194,6 +15203,7 @@ __metadata:
|
|||
jest: ^26.6.3
|
||||
morgan: ^1.10.0
|
||||
nanoid: ^3.3.4
|
||||
sanitize-filename: ^1.6.3
|
||||
sharp: ^0.31.3
|
||||
supertest: ^6.3.3
|
||||
tmp: ^0.2.1
|
||||
|
@ -16427,6 +16437,15 @@ __metadata:
|
|||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"truncate-utf8-bytes@npm:^1.0.0":
|
||||
version: 1.0.2
|
||||
resolution: "truncate-utf8-bytes@npm:1.0.2"
|
||||
dependencies:
|
||||
utf8-byte-length: ^1.0.1
|
||||
checksum: ad097314709ea98444ad9c80c03aac8da805b894f37ceb5685c49ad297483afe3a5ec9572ebcaff699dda72b6cd447a2ba2a3fd10e96c2628cd16d94abeb328a
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"tryer@npm:^1.0.1":
|
||||
version: 1.0.1
|
||||
resolution: "tryer@npm:1.0.1"
|
||||
|
@ -16860,6 +16879,13 @@ __metadata:
|
|||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"utf8-byte-length@npm:^1.0.1":
|
||||
version: 1.0.4
|
||||
resolution: "utf8-byte-length@npm:1.0.4"
|
||||
checksum: f188ca076ec094d58e7009fcc32623c5830c7f0f3e15802bfa4fdd1e759454a481fc4ac05e0fa83b7736e77af628a9ee0e57dcc89683d688fde3811473e42143
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"util-deprecate@npm:^1.0.1, util-deprecate@npm:^1.0.2, util-deprecate@npm:~1.0.1":
|
||||
version: 1.0.2
|
||||
resolution: "util-deprecate@npm:1.0.2"
|
||||
|
|