Change parameter order
This commit is contained in:
parent
dea401fec0
commit
3696bcade2
@ -3,18 +3,18 @@ import { describe, it, expect } from 'vitest';
|
||||
|
||||
describe('safe path', () => {
|
||||
it('reject names with ../', () => {
|
||||
expect(safePath('../foobar', './uploads')).toBe(false);
|
||||
expect(safePath('./uplodas', '../foobar')).toBe(false);
|
||||
});
|
||||
|
||||
it('accept names with ./', () => {
|
||||
expect(safePath('./foobar', './uploads')).toBe(true);
|
||||
expect(safePath('./uplodas', './foobar')).toBe(true);
|
||||
});
|
||||
|
||||
it('reject names with /', () => {
|
||||
expect(safePath('foo/bar', './uploads')).toBe(false);
|
||||
expect(safePath('./uplodas', 'foo/bar')).toBe(false);
|
||||
});
|
||||
|
||||
it('accept happy path', () => {
|
||||
expect(safePath('foobar', './uploads')).toBe(true);
|
||||
expect(safePath('./uplodas', 'foobar')).toBe(true);
|
||||
});
|
||||
});
|
||||
|
@ -1,7 +1,7 @@
|
||||
// place files you want to import through the `$lib` alias in this folder.
|
||||
import path from 'path';
|
||||
|
||||
function safePath(name: string, basePath: string): boolean {
|
||||
function safePath(basePath: string, name: string): boolean {
|
||||
const fullPath = `${basePath}/${name}`;
|
||||
const relative = path.relative(basePath, fullPath);
|
||||
return (
|
||||
|
@ -36,7 +36,7 @@ export const actions = {
|
||||
|
||||
const name = formName as string;
|
||||
|
||||
if (!safePath(name, storagePath)) {
|
||||
if (!safePath(storagePath, name)) {
|
||||
return fail(400, { field: 'name', name: name, incorrect: true });
|
||||
}
|
||||
// const name = safePath(formName as string);
|
||||
|
Reference in New Issue
Block a user