Fixed: Testing for a valid filename on a folder path causes plugins with views to fail to load associated views

Ryan Blenis 2020-07-08 20:18:59 -04:00
parent fc75bff5ad
commit 222e8481d5


@ -518,7 +518,8 @@ module.exports.pluginHandler = function (parent) {
obj.handleAdminReq = function (req, res, user, serv) { obj.handleAdminReq = function (req, res, user, serv) {
if ((req.query.pin == null) || (obj.common.isAlphaNumeric(req.query.pin) !== true)) { res.sendStatus(401); return; } if ((req.query.pin == null) || (obj.common.isAlphaNumeric(req.query.pin) !== true)) { res.sendStatus(401); return; }
var path = obj.path.join(obj.pluginPath, req.query.pin, 'views'); var path = obj.path.join(obj.pluginPath, req.query.pin, 'views');
if (obj.common.IsFilenameValid(path) !== true) { res.sendStatus(401); return; } // path isn't a filename, it is a folder path
//if (obj.common.IsFilenameValid(path) !== true) { res.sendStatus(401); return; }
serv.app.set('views', path); serv.app.set('views', path);
if ((obj.plugins[req.query.pin] != null) && (typeof obj.plugins[req.query.pin].handleAdminReq == 'function')) { if ((obj.plugins[req.query.pin] != null) && (typeof obj.plugins[req.query.pin].handleAdminReq == 'function')) {
obj.plugins[req.query.pin].handleAdminReq(req, res, user); obj.plugins[req.query.pin].handleAdminReq(req, res, user);
@ -530,7 +531,8 @@ module.exports.pluginHandler = function (parent) {
obj.handleAdminPostReq = function (req, res, user, serv) { obj.handleAdminPostReq = function (req, res, user, serv) {
if ((req.query.pin == null) || (obj.common.isAlphaNumeric(req.query.pin) !== true)) { res.sendStatus(401); return; } if ((req.query.pin == null) || (obj.common.isAlphaNumeric(req.query.pin) !== true)) { res.sendStatus(401); return; }
var path = obj.path.join(obj.pluginPath, req.query.pin, 'views'); var path = obj.path.join(obj.pluginPath, req.query.pin, 'views');
if (obj.common.IsFilenameValid(path) !== true) { res.sendStatus(401); return; } // path isn't a filename, it is a folder path
//if (obj.common.IsFilenameValid(path) !== true) { res.sendStatus(401); return; }
serv.app.set('views', path); serv.app.set('views', path);
if ((obj.plugins[req.query.pin] != null) && (typeof obj.plugins[req.query.pin].handleAdminPostReq == 'function')) { if ((obj.plugins[req.query.pin] != null) && (typeof obj.plugins[req.query.pin].handleAdminPostReq == 'function')) {
obj.plugins[req.query.pin].handleAdminPostReq(req, res, user); obj.plugins[req.query.pin].handleAdminPostReq(req, res, user);
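Review bot: With the `IsFilenameValid(path)` test commented out in both `handleAdminReq` and `handleAdminPostReq`, the only constraint on the directory passed to `serv.app.set('views', path)` is `isAlphaNumeric(req.query.pin)`, and the app-wide `views` setting is changed before the code confirms that `pin` names a loaded plugin. Consider doing the plugin lookup first, e.g. `if (obj.plugins[req.query.pin] == null) { res.sendStatus(401); return; }` ahead of the `set` call, so an unknown pin never alters the setting. `isAlphaNumeric` is not visible here, so confirm that it rejects non-string values (a repeated or bracketed `pin` parameter can arrive as an array or object), or add `typeof req.query.pin !== 'string'` to the guard. The commented-out check is better deleted than kept, leaving only the explanatory comment. Both function bodies continue beyond the hunks.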