3 Commits

Author SHA1 Message Date
4b8ecc65c3 0.0.5
2024-08-16 18:18:02 +02:00
3696bcade2 Change parameter order 2024-08-16 18:17:44 +02:00
dea401fec0 Add title
2024-08-16 18:08:49 +02:00
6 changed files with 10 additions and 9 deletions

4
package-lock.json generated

@ -1,12 +1,12 @@
{
"name": "fotochallenge",
"version": "0.0.4",
"version": "0.0.5",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "fotochallenge",
"version": "0.0.4",
"version": "0.0.5",
"devDependencies": {
"@sveltejs/adapter-auto": "^3.0.0",
"@sveltejs/adapter-node": "^5.2.0",


@ -1,6 +1,6 @@
{
"name": "fotochallenge",
"version": "0.0.4",
"version": "0.0.5",
"private": true,
"scripts": {
"dev": "vite dev",


@ -4,6 +4,7 @@
<meta charset="utf-8" />
<link rel="icon" href="%sveltekit.assets%/favicon.png" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Gabi und Hannes Fotochallenge</title>
%sveltekit.head%
</head>
<body data-sveltekit-preload-data="hover">


@ -3,18 +3,18 @@ import { describe, it, expect } from 'vitest';
describe('safe path', () => {
it('reject names with ../', () => {
expect(safePath('../foobar', './uploads')).toBe(false);
expect(safePath('./uplodas', '../foobar')).toBe(false);
});
it('accept names with ./', () => {
expect(safePath('./foobar', './uploads')).toBe(true);
expect(safePath('./uplodas', './foobar')).toBe(true);
});
it('reject names with /', () => {
expect(safePath('foo/bar', './uploads')).toBe(false);
expect(safePath('./uplodas', 'foo/bar')).toBe(false);
});
it('accept happy path', () => {
expect(safePath('foobar', './uploads')).toBe(true);
expect(safePath('./uplodas', 'foobar')).toBe(true);
});
});
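Review bot: Every rewritten call spells the base directory `'./uplodas'`, where the lines being replaced had `'./uploads'`; the assertions presumably still pass because the value is only used as a prefix, but the typo reads like a different directory and should be corrected. Because `safePath` guards a file name taken from a form submission, the suite should also pin cases the four tests do not cover: a bare `..`, an absolute name and an empty string, e.g. `expect(safePath('./uploads', '..')).toBe(false);`. Whether the current implementation rejects these cannot be confirmed from this page, since the function's return expression lies outside the visible hunk.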


@ -1,7 +1,7 @@
// place files you want to import through the `$lib` alias in this folder.
import path from 'path';
function safePath(name: string, basePath: string): boolean {
function safePath(basePath: string, name: string): boolean {
const fullPath = `${basePath}/${name}`;
const relative = path.relative(basePath, fullPath);
return (
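Review bot: Both parameters of `safePath` are plain `string`, so any call site still using the old `(name, basePath)` order keeps compiling after this swap and would validate the wrong argument. A doc comment on the signature would make the contract explicit, for example `/** basePath: trusted storage directory; name: untrusted file name from the request. Returns true only if name stays inside basePath. */`. The return semantics in that comment are inferred from the tests, because the function body continues past the end of this hunk. If the helper gains more callers, taking a single `{ basePath, name }` object would remove the ordering hazard altogether.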


@ -36,7 +36,7 @@ export const actions = {
const name = formName as string;
if (!safePath(name, storagePath)) {
if (!safePath(storagePath, name)) {
return fail(400, { field: 'name', name: name, incorrect: true });
}
// const name = safePath(formName as string);
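Review bot: `formName as string` only satisfies the compiler. If `formName` comes from `FormData.get()` (its origin is outside this hunk), it can be `null` or a `File` at runtime, and `safePath` would then check the stringified value rather than a real file name. A runtime guard before the cast closes that gap: `if (typeof formName !== 'string') return fail(400, { field: 'name', incorrect: true });`. The commented-out `// const name = safePath(formName as string);` looks like a leftover and could be dropped. The enclosing action starts and ends outside the hunk.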