Fixed plugin path check.

This commit is contained in:
Ylian Saint-Hilaire 2020-07-09 15:48:48 -07:00
parent d1831e2223
commit f412af4de0

View File

@ -518,8 +518,6 @@ module.exports.pluginHandler = function (parent) {
obj.handleAdminReq = function (req, res, user, serv) { obj.handleAdminReq = function (req, res, user, serv) {
if ((req.query.pin == null) || (obj.common.isAlphaNumeric(req.query.pin) !== true)) { res.sendStatus(401); return; } if ((req.query.pin == null) || (obj.common.isAlphaNumeric(req.query.pin) !== true)) { res.sendStatus(401); return; }
var path = obj.path.join(obj.pluginPath, req.query.pin, 'views'); var path = obj.path.join(obj.pluginPath, req.query.pin, 'views');
// path isn't a filename, it is a folder path
//if (obj.common.IsFilenameValid(path) !== true) { res.sendStatus(401); return; }
serv.app.set('views', path); serv.app.set('views', path);
if ((obj.plugins[req.query.pin] != null) && (typeof obj.plugins[req.query.pin].handleAdminReq == 'function')) { if ((obj.plugins[req.query.pin] != null) && (typeof obj.plugins[req.query.pin].handleAdminReq == 'function')) {
obj.plugins[req.query.pin].handleAdminReq(req, res, user); obj.plugins[req.query.pin].handleAdminReq(req, res, user);
@ -531,8 +529,6 @@ module.exports.pluginHandler = function (parent) {
obj.handleAdminPostReq = function (req, res, user, serv) { obj.handleAdminPostReq = function (req, res, user, serv) {
if ((req.query.pin == null) || (obj.common.isAlphaNumeric(req.query.pin) !== true)) { res.sendStatus(401); return; } if ((req.query.pin == null) || (obj.common.isAlphaNumeric(req.query.pin) !== true)) { res.sendStatus(401); return; }
var path = obj.path.join(obj.pluginPath, req.query.pin, 'views'); var path = obj.path.join(obj.pluginPath, req.query.pin, 'views');
// path isn't a filename, it is a folder path
//if (obj.common.IsFilenameValid(path) !== true) { res.sendStatus(401); return; }
serv.app.set('views', path); serv.app.set('views', path);
if ((obj.plugins[req.query.pin] != null) && (typeof obj.plugins[req.query.pin].handleAdminPostReq == 'function')) { if ((obj.plugins[req.query.pin] != null) && (typeof obj.plugins[req.query.pin].handleAdminPostReq == 'function')) {
obj.plugins[req.query.pin].handleAdminPostReq(req, res, user); obj.plugins[req.query.pin].handleAdminPostReq(req, res, user);