File tree Expand file tree Collapse file tree 1 file changed +14
-2
lines changed Expand file tree Collapse file tree 1 file changed +14
-2
lines changed Original file line number Diff line number Diff line change @@ -174,9 +174,21 @@ module.exports = function (options) {
174174 var self = this,
175175 fileName = path.basename(decodeURIComponent(this.req.url));
176176
177- fs.unlink(options.uploadDir() + '/' + fileName, function (ex) {
177+ var filepath = path.join(options.uploadDir(), fileName);
178+ if (filepath.indexOf(options.uploadDir()) !== 0) {
179+ self.emit('delete', fileName);
180+ self.callback({success: false});
181+ return;
182+ }
183+ fs.unlink(filepath, function (ex) {
178184 _.each(options.imageVersions, function (value, version) {
179- fs.unlink(options.uploadDir() + '/' + version + '/' + fileName);
185+ var versionfilepath = path.join(options.uploadDir(), version, fileName);
186+ if (versionfilepath.indexOf(options.uploadDir()) !== 0) {
187+ self.emit('delete', fileName);
188+ self.callback({success: false});
189+ return;
190+ }
191+ fs.unlink(versionfilepath);
180192 });
181193 self.emit('delete', fileName);
182194 self.callback({success: !ex});
You can’t perform that action at this time.
0 commit comments