mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-13 14:44:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Always save uploads to a tmpdir first and cleanup afterwards

Browse source 
This makes sure no unintended files are permanently saved.

Co-authored-by: Yannick Bungers <git@innay.de>
Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2020-12-27 15:52:26 +01:00
parent cf4344d9e0
commit 6932cc4df7
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
3 changed files with 26 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

11
lib/web/imageRouter/filesystem.js
View file

@ -1,6 +1,7 @@
'use strict'
const URL = require('url').URL
const path = require('path')
const fs = require('fs')
const config = require('../../config')
const logger = require('../../logger')
@ -16,5 +17,13 @@ exports.uploadImage = function (imagePath, callback) {
return
}
callback(null, (new URL(path.basename(imagePath), config.serverURL + '/uploads/')).href)
const fileName = path.basename(imagePath)
// move image from temporary path to upload directory
try {
fs.copyFileSync(imagePath, path.join(config.uploadsPath, fileName))
} catch (e) {
callback(new Error('Error while moving file'), null)
return
}
callback(null, (new URL(fileName, config.serverURL + '/uploads/')).href)
}