only use multipart on upload routes,

delete temp files if there is an error in admin uploads,
admin/mods should see topic reply
v1.18.x
barisusakli 10 years ago
parent 67770e568f
commit 9a21e9646f

@ -14,6 +14,7 @@ function validateUpload(res, req, allowedTypes) {
error: 'Invalid image type. Allowed types are: ' + allowedTypes.join(', ') error: 'Invalid image type. Allowed types are: ' + allowedTypes.join(', ')
}; };
fs.unlink(req.files.userPhoto.path);
res.send(req.xhr ? err : JSON.stringify(err)); res.send(req.xhr ? err : JSON.stringify(err));
return false; return false;
} }
@ -21,14 +22,12 @@ function validateUpload(res, req, allowedTypes) {
return true; return true;
} }
uploadsController.uploadImage = function(filename, folder, req, res) { uploadsController.uploadImage = function(filename, folder, req, res) {
function done(err, image) { function done(err, image) {
var er, rs; var er, rs;
fs.unlink(req.files.userPhoto.path); fs.unlink(req.files.userPhoto.path);
if(err) { if (err) {
er = {error: err.message}; er = {error: err.message};
return res.send(req.xhr ? er : JSON.stringify(er)); return res.send(req.xhr ? er : JSON.stringify(er));
} }
@ -37,7 +36,7 @@ uploadsController.uploadImage = function(filename, folder, req, res) {
res.send(req.xhr ? rs : JSON.stringify(rs)); res.send(req.xhr ? rs : JSON.stringify(rs));
} }
if(plugins.hasListeners('filter:uploadImage')) { if (plugins.hasListeners('filter:uploadImage')) {
plugins.fireHook('filter:uploadImage', req.files.userPhoto, done); plugins.fireHook('filter:uploadImage', req.files.userPhoto, done);
} else { } else {
file.saveFileToLocal(filename, folder, req.files.userPhoto.path, done); file.saveFileToLocal(filename, folder, req.files.userPhoto.path, done);
@ -54,6 +53,7 @@ uploadsController.uploadCategoryPicture = function(req, res, next) {
var err = { var err = {
error: 'Error uploading file! Error :' + e.message error: 'Error uploading file! Error :' + e.message
}; };
fs.unlink(req.files.userPhoto.path);
return res.send(req.xhr ? err : JSON.stringify(err)); return res.send(req.xhr ? err : JSON.stringify(err));
} }
@ -70,7 +70,8 @@ uploadsController.uploadFavicon = function(req, res, next) {
file.saveFileToLocal('favicon.ico', 'files', req.files.userPhoto.path, function(err, image) { file.saveFileToLocal('favicon.ico', 'files', req.files.userPhoto.path, function(err, image) {
fs.unlink(req.files.userPhoto.path); fs.unlink(req.files.userPhoto.path);
if(err) { if (err) {
err = {error: err.message};
return res.send(req.xhr ? err : JSON.stringify(err)); return res.send(req.xhr ? err : JSON.stringify(err));
} }
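Review bot: The cleanup added in validateUpload and uploadCategoryPicture, and the existing one in the uploadFavicon callback just above the new `err = {error: err.message};`, all call `fs.unlink(req.files.userPhoto.path)` with no callback, so a failed unlink (ENOENT, EPERM, temp dir on another volume) is dropped silently and the temp file stays on disk; current Node versions also throw a TypeError when `fs.unlink` is given no callback. Pass a callback and log the failure, e.g. `fs.unlink(req.files.userPhoto.path, function (unlinkErr) { if (unlinkErr) { console.error(unlinkErr); } });`, or factor the four sites into one small `removeTempFile(req)` helper. Each site also dereferences `req.files.userPhoto.path` without checking that the `userPhoto` part was sent, so a multipart POST without that field throws before any cleanup runs; a guard such as `if (!req.files || !req.files.userPhoto) { return res.send(...); }` at the top of each handler would be safer, though the handler heads are outside these hunks. validateUpload's type check and uploadFavicon's body both start outside the hunk.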

@ -1,11 +1,11 @@
"use strict"; "use strict";
var utils = require('./../../public/src/utils'), var utils = require('../../public/src/utils'),
meta = require('./../meta'), meta = require('../meta'),
plugins = require('./../plugins'), plugins = require('../plugins'),
db = require('./../database'), db = require('../database'),
auth = require('./../routes/authentication'), auth = require('../routes/authentication'),
emitter = require('./../emitter'), emitter = require('../emitter'),
async = require('async'), async = require('async'),
path = require('path'), path = require('path'),
@ -19,7 +19,6 @@ var utils = require('./../../public/src/utils'),
cookieParser = require('cookie-parser'), cookieParser = require('cookie-parser'),
compression = require('compression'), compression = require('compression'),
favicon = require('serve-favicon'), favicon = require('serve-favicon'),
multipart = require('connect-multiparty'),
session = require('express-session'), session = require('express-session'),
cluster = require('cluster'), cluster = require('cluster'),
@ -31,7 +30,7 @@ var middleware = {};
function routeCurrentTheme(app, themeId, themesData) { function routeCurrentTheme(app, themeId, themesData) {
themeId = (themeId || 'nodebb-theme-vanilla'); themeId = (themeId || 'nodebb-theme-vanilla');
var themeObj = (function(id) { var themeObj = (function(id) {
return themesData.filter(function(themeObj) { return themesData.filter(function(themeObj) {
return themeObj.id === id; return themeObj.id === id;
@ -49,7 +48,7 @@ function routeCurrentTheme(app, themeId, themesData) {
function setupFavicon(app) { function setupFavicon(app) {
var faviconPath = path.join(__dirname, '../../', 'public', meta.config['brand:favicon'] ? meta.config['brand:favicon'] : 'favicon.ico'); var faviconPath = path.join(__dirname, '../../', 'public', meta.config['brand:favicon'] ? meta.config['brand:favicon'] : 'favicon.ico');
if (fs.existsSync(faviconPath)) { if (fs.existsSync(faviconPath)) {
app.use(favicon(faviconPath)); app.use(favicon(faviconPath));
} }
} }
@ -70,7 +69,7 @@ module.exports = function(app, data) {
app.use(compression()); app.use(compression());
setupFavicon(app); setupFavicon(app);
app.use(relativePath + '/apple-touch-icon', middleware.routeTouchIcon); app.use(relativePath + '/apple-touch-icon', middleware.routeTouchIcon);
app.use(bodyParser.urlencoded({extended: true})); app.use(bodyParser.urlencoded({extended: true}));
@ -93,8 +92,6 @@ module.exports = function(app, data) {
saveUninitialized: true saveUninitialized: true
})); }));
app.use(multipart());
app.use(function (req, res, next) { app.use(function (req, res, next) {
res.setHeader('X-Powered-By', 'NodeBB'); res.setHeader('X-Powered-By', 'NodeBB');

@ -35,7 +35,7 @@ module.exports = function(privileges) {
var isAdminOrMod = results.isAdministrator || results.isModerator; var isAdminOrMod = results.isAdministrator || results.isModerator;
callback(null, { callback(null, {
'topics:create': results['topics:create'][0], 'topics:create': results['topics:create'][0] || isAdminOrMod,
editable: isAdminOrMod, editable: isAdminOrMod,
view_deleted: isAdminOrMod, view_deleted: isAdminOrMod,
read: results.read[0] || isAdminOrMod read: results.read[0] || isAdminOrMod
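Review bot: The commit message says admins/mods should be able to reply, but the key widened on the changed line is `'topics:create'`; if this module also returns a `'topics:reply'` (or similar) key outside this hunk, it needs the same `|| isAdminOrMod` treatment, otherwise moderators gain topic creation while still being blocked from replying. It is also worth confirming that `results.isModerator`, computed outside the hunk, is scoped to the category being queried — if it is a global "moderator somewhere" flag, this line now grants topic creation in every category to any moderator. The enclosing callback starts and ends outside the hunk.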

@ -7,10 +7,15 @@ function apiRoutes(app, middleware, controllers) {
// todo, needs to be in api namespace // todo, needs to be in api namespace
app.get('/users/csv', middleware.authenticate, controllers.admin.users.getCSV); app.get('/users/csv', middleware.authenticate, controllers.admin.users.getCSV);
app.post('/category/uploadpicture', middleware.applyCSRF, middleware.authenticate, controllers.admin.uploads.uploadCategoryPicture); var multipart = require('connect-multiparty');
app.post('/uploadfavicon', middleware.applyCSRF, middleware.authenticate, controllers.admin.uploads.uploadFavicon); var multipartMiddleware = multipart();
app.post('/uploadlogo', middleware.applyCSRF, middleware.authenticate, controllers.admin.uploads.uploadLogo);
app.post('/uploadgravatardefault', middleware.applyCSRF, middleware.authenticate, controllers.admin.uploads.uploadGravatarDefault); var middlewares = [multipartMiddleware, middleware.applyCSRF, middleware.authenticate];
app.post('/category/uploadpicture', middlewares, controllers.admin.uploads.uploadCategoryPicture);
app.post('/uploadfavicon', middlewares, controllers.admin.uploads.uploadFavicon);
app.post('/uploadlogo', middlewares, controllers.admin.uploads.uploadLogo);
app.post('/uploadgravatardefault', middlewares, controllers.admin.uploads.uploadGravatarDefault);
} }
function adminRouter(middleware, controllers) { function adminRouter(middleware, controllers) {
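Review bot: The array on `var middlewares = [multipartMiddleware, middleware.applyCSRF, middleware.authenticate];` runs the multipart parser before authentication, so an unauthenticated client can POST arbitrary multipart bodies to the four admin upload routes and connect-multiparty will write every part to a temp file before the request is rejected — and nothing on the rejection path unlinks those files, so this is an easy disk-fill. Reorder so the cheap checks run first: `var middlewares = [middleware.authenticate, middleware.applyCSRF, multipartMiddleware];`. If applyCSRF reads the token from a multipart form field rather than a header or query string it has to stay after the parser, but authenticate has no such dependency and should go first regardless. Consider also capping the parser, e.g. `multipart({ maxFilesSize: ... })`, if the installed multiparty version supports it. Nothing in this hunk checks that the authenticated user is an admin; presumably the surrounding admin router does, but that is outside the hunk.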

@ -206,8 +206,11 @@ module.exports = function(app, middleware, controllers) {
router.get('/categories/:cid/moderators', getModerators); router.get('/categories/:cid/moderators', getModerators);
router.get('/recent/posts/:term?', getRecentPosts); router.get('/recent/posts/:term?', getRecentPosts);
router.post('/post/upload', middleware.applyCSRF, uploadPost); var multipart = require('connect-multiparty');
router.post('/topic/thumb/upload', middleware.applyCSRF, uploadThumb); var multipartMiddleware = multipart();
router.post('/user/:userslug/uploadpicture', middleware.applyCSRF, middleware.authenticate, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.uploadPicture);
router.post('/post/upload', multipartMiddleware, middleware.applyCSRF, uploadPost);
router.post('/topic/thumb/upload', multipartMiddleware, middleware.applyCSRF, uploadThumb);
router.post('/user/:userslug/uploadpicture', multipartMiddleware, middleware.applyCSRF, middleware.authenticate, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.uploadPicture);
}; };
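Review bot: `/post/upload` and `/topic/thumb/upload` get only `multipartMiddleware` and `middleware.applyCSRF` — no `middleware.authenticate` — so any client, logged in or not, can have multipart bodies written to temp files; if `uploadPost` and `uploadThumb` (defined outside this hunk) rely on `req.user`, they should be checked for their own guard, and the `uploadpicture` route below shows the intended chain. Unless guest uploads are deliberately allowed, add the check ahead of the parser: `router.post('/post/upload', middleware.authenticate, multipartMiddleware, middleware.applyCSRF, uploadPost);` and likewise for the thumb route. As with the admin routes, applyCSRF may have to stay after the parser if the token travels in the form body, but authenticate does not. The enclosing `module.exports` function starts outside the hunk.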
