Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
fix(uploads): security fix
  • Loading branch information
polonel committed Jun 20, 2021
1 parent caaec12 commit 25c5ae4
Showing 1 changed file with 13 additions and 1 deletion.
14 changes: 13 additions & 1 deletion src/controllers/tickets.js
Expand Up @@ -637,7 +637,7 @@ ticketsController.uploadAttachment = function (req, res) {

if (
mimetype.indexOf('image/') === -1 &&
mimetype.indexOf('text/') === -1 &&
mimetype.indexOf('text/plain') === -1 &&
mimetype.indexOf('audio/mpeg') === -1 &&
mimetype.indexOf('audio/mp3') === -1 &&
mimetype.indexOf('audio/wav') === -1 &&
Expand All @@ -660,6 +660,18 @@ ticketsController.uploadAttachment = function (req, res) {
var savePath = path.join(__dirname, '../../public/uploads/tickets', object.ticketId)
var sanitizedFilename = filename.replace(/[^a-z0-9.]/gi, '_').toLowerCase()

var ext = path.extname(sanitizedFilename)
var badExts = ['.html', '.htm', '.js']

if (badExts.includes(ext)) {
error = {
status: 400,
message: 'Invalid File Type'
}

return file.resume()
}

if (!fs.existsSync(savePath)) fs.ensureDirSync(savePath)

object.filePath = path.join(savePath, 'attachment_' + sanitizedFilename)
Expand Down

0 comments on commit 25c5ae4

Please sign in to comment.