Permalink
Browse files

Orientation isn't taken into account when whitelisting/blacklisting s…

…izes
  • Loading branch information...
chriso committed Sep 12, 2012
1 parent ed9e7bb commit 1cacc1e289dd6bdd39cc0ef391d6ceac1fafd025
Showing with 15 additions and 10 deletions.
  1. +3 −2 lib/server.js
  2. +12 −8 test/server.js
View
@@ -234,10 +234,11 @@ Server.prototype.using = function (app) {
, dest_image = path.join(cache_dir, request.url);
//Check for blacklisted and whitelisted parameters
- if (blacklist && parameters.size in blacklist) {
+ var size_check = parameters.size.replace(/-.+$/, '');
+ if (blacklist && size_check in blacklist) {
info('image size is in blacklist');
return response.send(403);
- } else if (whitelist && !(parameters.size in whitelist)) {
+ } else if (whitelist && !(size_check in whitelist)) {
info('image size is not in whitelist');
return response.send(403);
}
View
@@ -162,10 +162,12 @@ describe('Server', function () {
.whitelist([ '200x', '300x300' ])
.using(app);
assert.statusCode(app.host + '/foo/300x300/1.jpg', 200, function () {
- assert.statusCode(app.host + '/foo/200x/1.jpg', 200, function () {
- assert.statusCode(app.host + '/foo/300x/1.jpg', 403, function () {
- app.server.close();
- done();
+ assert.statusCode(app.host + '/foo/300x300-centre/1.jpg', 200, function () {
+ assert.statusCode(app.host + '/foo/200x/1.jpg', 200, function () {
+ assert.statusCode(app.host + '/foo/300x/1.jpg', 403, function () {
+ app.server.close();
+ done();
+ });
});
});
});
@@ -176,12 +178,14 @@ describe('Server', function () {
imgr().serve(images)
.namespace('/foo')
.cacheDir(compiled)
- .blacklist([ '400x' ])
+ .blacklist([ '400x', '500x500' ])
.using(app);
assert.statusCode(app.host + '/foo/400x400/1.jpg', 200, function () {
- assert.statusCode(app.host + '/foo/400x/1.jpg', 403, function () {
- app.server.close();
- done();
+ assert.statusCode(app.host + '/foo/500x500-centre/1.jpg', 403, function () {
+ assert.statusCode(app.host + '/foo/400x/1.jpg', 403, function () {
+ app.server.close();
+ done();
+ });
});
});
});

0 comments on commit 1cacc1e

Please sign in to comment.