Diffstat (limited to 'src/internal-server/app/Controllers/Http')
-rw-r--r-- | src/internal-server/app/Controllers/Http/ImageController.js | 16 |
1 files changed, 14 insertions, 2 deletions
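--- a/src/internal-server/app/Controllers/Http/ImageController.js
+++ b/src/internal-server/app/Controllers/Http/ImageController.js
@@ -2,13 +2,25 @@ const Env = use('Env');
 
 const path = require('path');
 const fs = require('fs-extra');
+const sanitize = require('sanitize-filename');
 
 class ImageController {
 async icon({ params, response }) {
-const { id } = params;
+let { id } = params;
+
+id = sanitize(id);
+if (id === '') {
+return response.status(404).send({
+status: "Icon doesn't exist",
+});
+}
 
 const iconPath = path.join(Env.get('USER_PATH'), 'icons', id);
-if (!fs.existsSync(iconPath)) {
+
+try {
+await fs.access(iconPath);
+} catch {
+// File not available.
 return response.status(404).send({
 status: "Icon doesn't exist",
 });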
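Review bot: `id = sanitize(id)` rewrites a malformed id instead of rejecting it, so a request whose id contains separators or reserved characters is stripped down and then looked up under whatever name remains; only a fully empty result reaches the new 404. Comparing rather than reassigning keeps the handler strict: `if (typeof id !== 'string' || id === '' || sanitize(id) !== id) {` in front of the existing 404 body, which also avoids the exception sanitize-filename raises, as far as I know, on non-string input. As defence in depth, a containment check after the join, such as `if (!path.resolve(iconPath).startsWith(path.resolve(Env.get('USER_PATH'), 'icons') + path.sep))`, would make the guarantee independent of the sanitiser's rule set. The body of `icon` continues past the hunk, so how `iconPath` is consumed after `fs.access` succeeds is not visible here.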