mirror of https://gitee.com/bigwinds/arangodb
evil mimetype detection attempt
This commit is contained in:
parent
1a10cb52eb
commit
3db9bbe0cc
|
@ -107,6 +107,12 @@ controller.put("/foxxes/:key", function (req, res) {
|
||||||
controller.get("/foxxes/thumbnail/:app", function (req, res) {
|
controller.get("/foxxes/thumbnail/:app", function (req, res) {
|
||||||
res.transformations = [ "base64decode" ];
|
res.transformations = [ "base64decode" ];
|
||||||
res.body = foxxes.thumbnail(req.params("app"));
|
res.body = foxxes.thumbnail(req.params("app"));
|
||||||
|
|
||||||
|
// evil mimetype detection attempt...
|
||||||
|
var start = require("internal").base64Decode(res.body.substr(0, 8));
|
||||||
|
if (start.indexOf("PNG") !== -1) {
|
||||||
|
res.contentType = "image/png";
|
||||||
|
}
|
||||||
}).pathParam("app", {
|
}).pathParam("app", {
|
||||||
description: "The appname which is used to identify the foxx in the list of available foxxes.",
|
description: "The appname which is used to identify the foxx in the list of available foxxes.",
|
||||||
type: "string",
|
type: "string",
|
||||||
|
|
Loading…
Reference in New Issue