mirror of
https://github.com/codeninjasllc/discourse.git
synced 2024-11-27 17:46:05 -05:00
FIX: allow for subdirectorys for cdn assets
This commit is contained in:
parent
6019e3f257
commit
27f85e5451
1 changed files with 7 additions and 2 deletions
|
@ -60,8 +60,13 @@ class StaticController < ApplicationController
|
|||
|
||||
skip_before_filter :verify_authenticity_token, only: [:cdn_asset]
|
||||
def cdn_asset
|
||||
path = params[:path].gsub(/[^a-zA-Z0-9_\-\.]/, "")
|
||||
path = (Rails.root + "public/assets/" + path).to_s
|
||||
path = File.expand_path(Rails.root + "public/assets/" + params[:path])
|
||||
|
||||
# SECURITY what if path has /../
|
||||
unless path.start_with?(Rails.root.to_s + "/public/assets")
|
||||
raise Discourse::NotFound
|
||||
end
|
||||
|
||||
expires_in 1.year, public: true
|
||||
response.headers["Access-Control-Allow-Origin"] = params[:origin]
|
||||
begin
|
||||
|
|
Loading…
Reference in a new issue