Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-05-07 00:06:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: translator path traversal

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2021-10-25 12:51:56 -04:00
parent 835c73c431
commit c8b2fc46dc
3 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/languages.js
View File

@@ -13,7 +13,11 @@ const files = fs.readdirSync(path.join(paths.nodeModules, '/timeago/locales'));
Languages.timeagoCodes = files.filter(f => f.startsWith('jquery.timeago')).map(f => f.split('.')[2]);
Languages.get = async function (language, namespace) {
const data = await fs.promises.readFile(path.join(languagesPath, language, `${namespace}.json`), 'utf8');
const pathToLanguageFile = path.join(languagesPath, language, `${namespace}.json`);
if (!pathToLanguageFile.startsWith(languagesPath)) {
throw new Error('[[error:invalid-path]]');
}
const data = await fs.promises.readFile(pathToLanguageFile, 'utf8');
const parsed = JSON.parse(data) || {};
const result = await plugins.hooks.fire('filter:languages.get', {
language,