mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-06 22:40:14 -05:00

Settings: Return 404 for unrecognised pages

Fixes #798

- Now checks the request URL against a whitelist to determine whether the settings
  page exists.

**Notes**

- This works in the short term, but a better solution for enumerating the available
  settings views, or centralising a list of recognised views that are available
  to client-side code (the router and sidebar, among others) as well as the backend
  controller, will be required.
Christopher Giffard 2013-09-18 12:31:43 +10:00
parent 658a21bcf8
commit 8fa1ce96ff

@ -260,7 +260,17 @@ adminControllers = {
adminNav: setSelected(adminNavbar, 'content')
});
},
'settings': function (req, res) {
'settings': function (req, res, next) {
// TODO: Centralise list/enumeration of settings panes, so we don't
// run into trouble in future.
var allowedSections = ["", "general", "user"],
section = req.url.replace(/(^\/ghost\/settings[\/]*|\/$)/ig, "");
if (allowedSections.indexOf(section) < 0) {
return next();
}
res.render('settings', {
bodyClass: 'settings',
adminNav: setSelected(adminNavbar, 'settings')
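
Review bot: The `section` value in the new `settings` handler is derived from `req.url`, which in Express still carries the query string, so a request such as /ghost/settings/general/?x=1 leaves `general/?x=1`, misses `allowedSections` and falls through to `next()` as a 404 for a page that exists. Deriving the section from `req.path` or from a route parameter would avoid that, and it would also remove the need for the hand-written prefix regex. The regex is also applied with the `i` flag while `allowedSections.indexOf(section)` is case-sensitive, so the prefix matches in any case but `General` is rejected; either lower-case `section` before the lookup or drop the flag so the behaviour is consistent. The rejection path itself (`return next()` before `res.render`) is the right shape for an allowlist check, and the TODO about centralising the list should point at issue #798 or a follow-up so it does not get lost.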