Craftadoc/clsi
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #53 from sharelatex/bg-sanitise-paths

Browse Source 
additional check for valid rootResource
This commit is contained in:
Brian Gough
2017-03-21 13:39:27 +00:00
committed by GitHub
parent b529b8add3 5af137f60b
commit 19dfaa7d55
2 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
test/unit/coffee/RequestParserTests.coffee
View File

@@ -223,4 +223,22 @@ describe "RequestParser", ->
it "should also escape the resource path", ->
@data.resources[0].path.should.equal @goodPath
describe "with a root resource path that has a relative path", ->
beforeEach ->
@validRequest.compile.rootResourcePath = "foo/../../bar.tex"
@RequestParser.parse @validRequest, @callback
@data = @callback.args[0][1]
it "should return an error", ->
@callback.calledWith("relative path in root resource")
.should.equal true
describe "with a root resource path that has unescaped + relative path", ->
beforeEach ->
@validRequest.compile.rootResourcePath = "foo/#../bar.tex"
@RequestParser.parse @validRequest, @callback
@data = @callback.args[0][1]
it "should return an error", ->
@callback.calledWith("relative path in root resource")
.should.equal true