diff options
Diffstat (limited to 'src/internal-server/app/Controllers/Http/ImageController.js')
| -rw-r--r-- | src/internal-server/app/Controllers/Http/ImageController.js | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/internal-server/app/Controllers/Http/ImageController.js b/src/internal-server/app/Controllers/Http/ImageController.js index 9b11783c7..731f181e0 100644 --- a/src/internal-server/app/Controllers/Http/ImageController.js +++ b/src/internal-server/app/Controllers/Http/ImageController.js | |||
| @@ -2,13 +2,25 @@ const Env = use('Env'); | |||
| 2 | 2 | ||
| 3 | const path = require('path'); | 3 | const path = require('path'); |
| 4 | const fs = require('fs-extra'); | 4 | const fs = require('fs-extra'); |
| 5 | const sanitize = require('sanitize-filename'); | ||
| 5 | 6 | ||
| 6 | class ImageController { | 7 | class ImageController { |
| 7 | async icon({ params, response }) { | 8 | async icon({ params, response }) { |
| 8 | const { id } = params; | 9 | let { id } = params; |
| 10 | |||
| 11 | id = sanitize(id); | ||
| 12 | if (id === '') { | ||
| 13 | return response.status(404).send({ | ||
| 14 | status: "Icon doesn't exist", | ||
| 15 | }); | ||
| 16 | } | ||
| 9 | 17 | ||
| 10 | const iconPath = path.join(Env.get('USER_PATH'), 'icons', id); | 18 | const iconPath = path.join(Env.get('USER_PATH'), 'icons', id); |
| 11 | if (!fs.existsSync(iconPath)) { | 19 | |
| 20 | try { | ||
| 21 | await fs.access(iconPath); | ||
| 22 | } catch { | ||
| 23 | // File not available. | ||
| 12 | return response.status(404).send({ | 24 | return response.status(404).send({ |
| 13 | status: "Icon doesn't exist", | 25 | status: "Icon doesn't exist", |
| 14 | }); | 26 | }); |