From d77bce7a557cc7f7777df60f68b739560c5cb9d8 Mon Sep 17 00:00:00 2001 From: Ryan Blenis Date: Wed, 8 Jul 2020 20:18:59 -0400 Subject: [PATCH] Fixed: Testing for a valid filename on a folder path causes plugins with views to fail to load associated views --- pluginHandler.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pluginHandler.js b/pluginHandler.js index 19f20172..49246a5a 100644 --- a/pluginHandler.js +++ b/pluginHandler.js @@ -518,7 +518,8 @@ module.exports.pluginHandler = function (parent) { obj.handleAdminReq = function (req, res, user, serv) { if ((req.query.pin == null) || (obj.common.isAlphaNumeric(req.query.pin) !== true)) { res.sendStatus(401); return; } var path = obj.path.join(obj.pluginPath, req.query.pin, 'views'); - if (obj.common.IsFilenameValid(path) !== true) { res.sendStatus(401); return; } + // path isn't a filename, it is a folder path + //if (obj.common.IsFilenameValid(path) !== true) { res.sendStatus(401); return; } serv.app.set('views', path); if ((obj.plugins[req.query.pin] != null) && (typeof obj.plugins[req.query.pin].handleAdminReq == 'function')) { obj.plugins[req.query.pin].handleAdminReq(req, res, user); @@ -530,7 +531,8 @@ module.exports.pluginHandler = function (parent) { obj.handleAdminPostReq = function (req, res, user, serv) { if ((req.query.pin == null) || (obj.common.isAlphaNumeric(req.query.pin) !== true)) { res.sendStatus(401); return; } var path = obj.path.join(obj.pluginPath, req.query.pin, 'views'); - if (obj.common.IsFilenameValid(path) !== true) { res.sendStatus(401); return; } + // path isn't a filename, it is a folder path + //if (obj.common.IsFilenameValid(path) !== true) { res.sendStatus(401); return; } serv.app.set('views', path); if ((obj.plugins[req.query.pin] != null) && (typeof obj.plugins[req.query.pin].handleAdminPostReq == 'function')) { obj.plugins[req.query.pin].handleAdminPostReq(req, res, user);