Ghost

mirror of https://github.com/TryGhost/Ghost.git synced 2024-11-24 06:35:49 +03:00

History

jamesbloomer 9d114c7fa6 Lock down theme static directory to not serve templates, markdown and text files. closes #942 - insert custom middleware to check for blacklisted files - redirect to express.static if file accepted - if not valid return next() to do nothing - currently black listing .hbs, .txt, .md and .json - debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting a theme serve unknown types		2013-10-11 18:05:31 +01:00
..
client	Swapping escape to sanitze	2013-10-09 19:13:16 +01:00
server	Lock down theme static directory to not serve templates, markdown and text files.	2013-10-11 18:05:31 +01:00
shared	Further fix to image markdown	2013-09-27 14:17:19 +01:00
test	Lock down theme static directory to not serve templates, markdown and text files.	2013-10-11 18:05:31 +01:00
config-loader.js	Update config validation to allow for socket only	2013-10-10 16:13:02 +01:00
ghost.js	Configuration validation in config-loader	2013-09-26 23:07:48 +01:00
server.js	Lock down theme static directory to not serve templates, markdown and text files.	2013-10-11 18:05:31 +01:00