codeninjasllc/codecombat
1
0
Fork 0
mirror of https://github.com/codeninjasllc/codecombat.git synced 2024-11-27 17:45:40 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Non-admins can save (but not overwrite) file uploads.

Browse source
This commit is contained in:
Nick Winter 2014-04-12 13:03:46 -07:00
parent 8349578057
commit 072729acc3
1 changed files with 13 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
server/routes/file.coffee
View file

@ -70,7 +70,7 @@ postFileSchema =
required: ['filename', 'mimetype', 'path']
filePost = (req, res) ->
return errors.forbidden(res) unless req.user?.isAdmin()
return errors.forbidden(res) unless req.user
options = req.body
tv4 = require('tv4').tv4
valid = tv4.validate(options, postFileSchema)
@ -83,7 +83,8 @@ filePost = (req, res) ->
saveURL = (req, res) ->
options = createPostOptions(req)
checkExistence options, res, req.body.force, (err) ->
force = req.user.isAdmin() and req.body.force
checkExistence options, res, force, (err) ->
return errors.serverError(res) if err
writestream = Grid.gfs.createWriteStream(options)
request(req.body.url).pipe(writestream)
@ -91,7 +92,8 @@ saveURL = (req, res) ->
saveFile = (req, res) ->
options = createPostOptions(req)
checkExistence options, res, req.body.force, (err) ->
force = req.user.isAdmin() and req.body.force
checkExistence options, res, force, (err) ->
return if err
writestream = Grid.gfs.createWriteStream(options)
f = req.files[req.body.postName]
@ -101,7 +103,8 @@ saveFile = (req, res) ->
savePNG = (req, res) ->
options = createPostOptions(req)
checkExistence options, res, req.body.force, (err) ->
force = req.user.isAdmin() and req.body.force
checkExistence options, res, force, (err) ->
return errors.serverError(res) if err
writestream = Grid.gfs.createWriteStream(options)
img = new Buffer(req.body.b64png, 'base64')