Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-01-27 09:49:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

closes

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2018-07-09 14:57:42 -04:00
parent cfb9784527
commit 85a55d1740
3 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/middleware/index.js
View File

@@ -145,8 +145,14 @@ middleware.privateUploads = function (req, res, next) {
if (req.loggedIn || parseInt(meta.config.privateUploads, 10) !== 1) {
return next();
}
if (req.path.startsWith(nconf.get('relative_path') + '/assets/uploads/files')) {
return res.status(403).json('not-allowed');
var extensions = (meta.config.privateUploadsExtensions || '').split(',').filter(Boolean);
var ext = path.extname(req.path);
ext = ext ? ext.replace(/^\./, '') : ext;
if (!extensions.length || extensions.includes(ext)) {
return res.status(403).json('not-allowed');
}
}
next();
};

8
src/views/admin/settings/uploads.tpl
View File

@@ -20,6 +20,14 @@
</label>
</div>
<div class="form-group">
<label for="maximumImageWidth">[[admin/settings/uploads:private-extensions]]</label>
<input type="text" class="form-control" value="" data-field="privateUploadsExtensions" placeholder="">
<p class="help-block">
[[admin/settings/uploads:private-uploads-extensions-help]]
</p>
</div>
<div class="form-group">
<label for="maximumImageWidth">[[admin/settings/uploads:max-image-width]]</label>
<input type="text" class="form-control" value="760" data-field="maximumImageWidth" placeholder="760">