raresj/mypage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🏗️ Phase 1 for production readyness

Browse Source
This commit is contained in:
RJ
2025-11-24 15:59:18 +02:00
parent 5f585e2a9f
commit f383b86b4d
10 changed files with 77 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/remark-copy-images.ts
View File

@@ -39,8 +39,9 @@ async function copyAndRewritePath(node: ImageNode, options: Options): Promise<vo
const sourcePath = path.resolve(contentPostDir, urlWithoutParams)
if (sourcePath.includes('..') && !sourcePath.startsWith(path.join(process.cwd(), contentDir))) {
throw new Error(`Invalid image path: ${node.url} (path traversal detected)`)
const allowedBasePath = path.join(process.cwd(), contentDir)
if (!sourcePath.startsWith(allowedBasePath)) {
throw new Error(`Invalid image path outside content directory: ${node.url}`)
}
const relativeToContent = path.relative(path.join(process.cwd(), contentDir), sourcePath)