From 4ca62dc45bde04a9a7c12f04b017463337108ed7 Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Mon, 23 Nov 2020 14:15:57 -0500
Subject: [PATCH] fix: improper handling of scheme-relative URLs in topic thumb logic
---
 src/topics/thumb.js | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/topics/thumb.js b/src/topics/thumb.js
index 1423e3382e..b948a34631 100644
--- a/src/topics/thumb.js
+++ b/src/topics/thumb.js
@@ -23,6 +23,11 @@ module.exports = function (Topics) {
 const pipeToFileAsync = util.promisify(pipeToFile);
 Topics.resizeAndUploadThumb = async function (data) {
+ // Handle protocol-relative URLs
+ if (data.thumb.startsWith('//')) {
+ data.thumb = `${nconf.get('secure') ? 'https' : 'http'}:${data.thumb}`;
+ }
+
 // Only continue if passed in thumbnail exists and is a URL. A system path means an upload is not necessary.
 if (!data.thumb || !validator.isURL(data.thumb)) {
 return;
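Review bot: The new `data.thumb.startsWith('//')` call runs before the existing `!data.thumb` guard, so a call with no thumbnail (or a non-string value) now throws a TypeError instead of taking the early return. Since `data.thumb` appears to be caller-supplied, check the type first: `if (typeof data.thumb === 'string' && data.thumb.startsWith('//')) {`. The rewritten value is still gated only by `validator.isURL`, which checks syntax rather than destination, so if the rest of the function fetches this URL server-side it is worth confirming that loopback and internal hosts are rejected somewhere. `Topics.resizeAndUploadThumb` continues past the end of the hunk, so that part cannot be confirmed from here.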