Ghost/core/server
jamesbloomer 9d114c7fa6 Lock down theme static directory to not serve templates, markdown and text files.
closes #942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting
a theme serve unknown types
2013-10-11 18:05:31 +01:00
controllers Merge branch '0.3.1-wip' 2013-09-27 17:22:55 +01:00
data Merge pull request #923 from ErisDS/0.3.1-wip-mysql 2013-09-27 05:04:45 -07:00
helpers Merge pull request #996 from ErisDS/0.3.2-tagfixes 2013-10-10 07:05:15 -07:00
models Swapping escape to sanitize 2013-10-09 19:13:16 +01:00
permissions Cleanup indentation and quotes 2013-09-26 15:06:31 +01:00
plugins Cleanup indentation and quotes 2013-09-26 15:06:31 +01:00
views Removing reset button 2013-09-27 17:20:41 +01:00
api.js Merge branch '0.3.1-wip' 2013-09-27 17:22:55 +01:00
errorHandling.js Cleanup indentation and quotes 2013-09-26 15:06:31 +01:00
mail.js Change from address 2013-10-11 12:49:33 +01:00
middleware.js Lock down theme static directory to not serve templates, markdown and text files. 2013-10-11 18:05:31 +01:00
require-tree.js Cleanup indentation and quotes 2013-09-26 15:06:31 +01:00