Craftadoc/clsi
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

replaced old symlink logic with tested middlewear based on fs.realpath

Browse Source
This commit is contained in:
Henry Oswald
2014-12-04 23:54:22 +00:00
parent 5b2031b84f
commit 92338ab419
3 changed files with 80 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/coffee/SymlinkCheckerMiddlewear.coffee Normal file
View File

@@ -0,0 +1,17 @@
Path = require("path")
fs = require("fs")
Settings = require("settings-sharelatex")
logger = require("logger-sharelatex")
module.exports = (req, res, next)->
basePath = Path.resolve("#{Settings.path.compilesDir}/#{req.params.project_id}")
requestedFsPath = Path.normalize("#{basePath}/#{req.params[0]}")
fs.realpath requestedFsPath, (err, realFsPath)->
if err?
return res.send(500)
else if requestedFsPath != realFsPath
logger.warn requestedFsPath:requestedFsPath, realFsPath:realFsPath, path: req.params[0], project_id: req.params.project_id, "trying to access a different file (symlink), aborting"
return res.send(404)
else
return next()