Skip to content

Commit 2bfc033

Browse files
committed
Safer destroy handling
1 parent 7d573c1 commit 2bfc033

File tree

2 files changed

+17
-10
lines changed

2 files changed

+17
-10
lines changed

lib/filehandler.js

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@ module.exports = function (middleware, options, callback) {
1616
? 'application/json'
1717
: 'text/plain'
1818
});
19+
if (req.method == 'HEAD') return res.send(200);
1920
res.json(200, files);
2021
}
2122
});

lib/uploadhandler.js

Lines changed: 16 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -160,16 +160,22 @@ module.exports = function (options) {
160160
};
161161

162162
UploadHandler.prototype.destroy = function () {
163-
var self = this,
164-
fileName = path.basename(decodeURIComponent(this.req.url));
165-
166-
fs.unlink(options.uploadDir() + '/' + fileName, function (ex) {
167-
_.each(options.imageVersions, function (value, version) {
168-
fs.unlink(options.uploadDir() + '/' + version + '/' + fileName);
169-
});
170-
self.emit('delete', fileName);
171-
self.callback(!ex);
172-
});
163+
var self = this, url = path.join(this.req.app.path() || '/', this.req.url);
164+
var uploadUrl = options.uploadUrl();
165+
if (url.slice(0, uploadUrl.length) === uploadUrl) {
166+
var fileName = path.basename(decodeURIComponent(this.req.url));
167+
if (fileName.indexOf('.') != 0) {
168+
fs.unlink(options.uploadDir() + '/' + fileName, function (ex) {
169+
_.each(options.imageVersions, function (value, version) {
170+
fs.unlink(options.uploadDir() + '/' + version + '/' + fileName);
171+
});
172+
self.emit('delete', fileName);
173+
self.callback(!ex);
174+
});
175+
}
176+
} else {
177+
self.callback(false);
178+
}
173179
};
174180

175181
UploadHandler.prototype.initUrls = function (fileInfo) {

0 commit comments

Comments
 (0)