Hawkin
/
arangodb
mirror of https://gitee.com/bigwinds/arangodb
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

evil mimetype detection attempt

This commit is contained in:
Jan Steemann 2014-02-01 17:02:42 +01:00
parent 1a10cb52eb
commit 3db9bbe0cc
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
js/apps/system/aardvark/aardvark.js
View File

@ -107,6 +107,12 @@ controller.put("/foxxes/:key", function (req, res) {
controller.get("/foxxes/thumbnail/:app", function (req, res) { controller.get("/foxxes/thumbnail/:app", function (req, res) {
res.transformations = [ "base64decode" ]; res.transformations = [ "base64decode" ];
res.body = foxxes.thumbnail(req.params("app")); res.body = foxxes.thumbnail(req.params("app"));
// evil mimetype detection attempt...
var start = require("internal").base64Decode(res.body.substr(0, 8));
if (start.indexOf("PNG") !== -1) {
res.contentType = "image/png";
}
}).pathParam("app", { }).pathParam("app", {
description: "The appname which is used to identify the foxx in the list of available foxxes.", description: "The appname which is used to identify the foxx in the list of available foxxes.",
type: "string", type: "string",