fix(plugins/rtf-to-html): restrict temp file permissions (#1339)

Fdawgs · Mar 21, 2023 · fa32bbc · fa32bbc
1 parent 1b14dc7
commit fa32bbc
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/plugins/rtf-to-html/index.js b/src/plugins/rtf-to-html/index.js
@@ -103,7 +103,8 @@ async function plugin(server, options) {
 			rtf: tempFile,
 			id,
 		};
-		await fs.writeFile(tempFile, req.body);
+		// 0600 permissions (read/write for owner only)
+		await fs.writeFile(tempFile, req.body, { mode: 0o600 });
 
 		try {
 			// Add title to document