Union/ProjectLighthouse
1
0
Fork 0
mirror of https://github.com/LBPUnion/ProjectLighthouse.git synced 2025-05-15 14:12:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Refactor deserialization and authentication (#550)

Browse source 
* Refactor deserialization and more

* Refactor authentication flow

* Fix unit tests

* Make deserialization better
This commit is contained in:
Josh 2022-11-10 21:14:16 -06:00 committed by GitHub
parent 505b5eb03b
commit b3a00da554
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
48 changed files with 575 additions and 589 deletions
Download patch file Download diff file Expand all files Collapse all files

3
ProjectLighthouse.Servers.Website/Controllers/ResourcesController.cs
View file

@ -14,10 +14,9 @@ public class ResourcesController : ControllerBase
string path = FileHelper.GetImagePath($"{hash}.png");
string fullPath = Path.GetFullPath(path);
string basePath = Path.GetFullPath(FileHelper.ImagePath);
// Prevent directory traversal attacks
if (!fullPath.StartsWith(basePath)) return this.BadRequest();
if (!fullPath.StartsWith(FileHelper.FullImagePath)) return this.BadRequest();
if (IOFile.Exists(path)) return this.File(IOFile.OpenRead(path), "image/png");