li0nhunter/Cantor-Najman-Site
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Validate scan link format and update file path handling
All checks were successful
deploy / deploy (push) Successful in 2m30s
Details

Browse Source
This commit is contained in:
Ari Yeger
2025-07-18 18:40:52 -04:00
parent ebf42e073a
commit 5ad3c1058b
2 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
server/app.js
View File

@ -116,7 +116,12 @@ app.get('/api/music-scans/download/:id', AuthHandler, async (req, res) => {
else if (queryResult.length > 1) res.status(500).json({ message: 'Multiple scans found with the same ID' });
else {
const scan = queryResult[0];
const filePath = path.join(UPLOAD_FOLDER, scan.link);
if (!scan.link || !scan.link.endsWith('.pdf')) {
res.status(400).json({ message: 'Invalid scan link' });
return;
}
const link = path.join(...(scan.link.split('\\')));
const filePath = path.join(UPLOAD_FOLDER, link);
res.download(filePath, scan.name + '.pdf');
}
});