
Removed global registration of express.bodyParser

Fixes #824

- Removed global registration of `express.bodyParser` middleware.
- Replaced with `express.bodyParser`'s constituents: `express.json` and
`express.urlencoded`, then registered `express.multipart` against *only*
the upload route.
William Dibbern 2013-09-18 18:30:31 -05:00
parent ea9c50f49e
commit 2417de8141


@ -260,8 +260,10 @@ when.all([ghost.init(), helpers.loadCoreHelpers(ghost)]).then(function () {
// Add in all trailing slashes
server.use(slashes());
server.use(express.bodyParser({}));
server.use(express.bodyParser({uploadDir: __dirname + '/content/images'}));
server.use(express.json());
server.use(express.urlencoded());
server.use('/ghost/upload/', express.multipart());
server.use('/ghost/upload/', express.multipart({uploadDir: __dirname + '/content/images'}));
server.use(express.cookieParser(ghost.dbHash));
server.use(express.cookieSession({ cookie: { maxAge: 60000000 }}));
@ -351,6 +353,7 @@ when.all([ghost.init(), helpers.loadCoreHelpers(ghost)]).then(function () {
server.get('/ghost/debug/db/export/', auth, admin.debug['export']);
server.post('/ghost/debug/db/import/', auth, admin.debug['import']);
server.get('/ghost/debug/db/reset/', auth, admin.debug.reset);
// We don't want to register bodyParser globally b/c of security concerns, so use multipart only here
server.post('/ghost/upload/', admin.uploader);
server.get(/^\/(ghost$|(ghost-admin|admin|wp-admin|dashboard|signin)\/?)/, auth, function (req, res) {
res.redirect('/ghost/');
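Review bot: The upload route is still reachable without an authentication check: `server.post('/ghost/upload/', admin.uploader);` has no `auth` handler, unlike the debug routes directly above it. The `express.multipart` middleware mounted on `/ghost/upload/` in the first hunk also runs before `cookieParser` and `cookieSession`, so a multipart body is parsed and its files written to disk before any session is known. Scoping the parser to one path narrows the exposure but does not close it for that path, and the new comment says multipart is used "only here" although it is registered in the first hunk rather than on this route. Unless `admin.uploader` enforces a session itself (not visible here), consider replacing the two `server.use('/ghost/upload/', ...)` lines with a route-level parser after the auth check: `server.post('/ghost/upload/', auth, express.multipart({uploadDir: __dirname + '/content/images'}), admin.uploader);`. Separately, the first multipart registration passes no `uploadDir`, and Connect's multipart appears to skip a request whose body is already marked as parsed, so the second registration with the configured directory may never take effect; this is worth confirming.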