mirror of
https://github.com/linuxserver/core.git
synced 2026-02-20 05:07:19 +08:00
23 lines
551 B
JavaScript
23 lines
551 B
JavaScript
"use strict";
|
|
|
|
var Path = require("path");
|
|
var error = require("http-error");
|
|
|
|
module.exports = function sanitzePreviewPath(req, res, next) {
|
|
|
|
var normalized;
|
|
try {
|
|
normalized = Path.normalize(decodeURIComponent(req.params.path));
|
|
} catch (e) {
|
|
return next(new error.BadRequest("URI malformed"));
|
|
}
|
|
|
|
// N.B. Path.normalize does not strip away when the path starts with "../"
|
|
if (normalized)
|
|
normalized = normalized.replace(/[.]{2}\//g, "") || "/";
|
|
|
|
req.params.path = normalized;
|
|
|
|
next();
|
|
};
|