mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-01-06 22:40:14 -05:00
Settings: Return 404 for unrecognised pages
Fixes #798 - Now checks the request URL against a whitelist to determine whether the settings page exists. **Notes** - This works in the short term, but a better solution for enumerating the available settings views or centralising a list of recognised views that are available to client side code, (the router and sidebar, among others) as well as the backend controller will be required.
This commit is contained in:
parent
658a21bcf8
commit
8fa1ce96ff
1 changed files with 11 additions and 1 deletions
|
@ -260,7 +260,17 @@ adminControllers = {
|
||||||
adminNav: setSelected(adminNavbar, 'content')
|
adminNav: setSelected(adminNavbar, 'content')
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
'settings': function (req, res) {
|
'settings': function (req, res, next) {
|
||||||
|
|
||||||
|
// TODO: Centralise list/enumeration of settings panes, so we don't
|
||||||
|
// run into trouble in future.
|
||||||
|
var allowedSections = ["", "general", "user"],
|
||||||
|
section = req.url.replace(/(^\/ghost\/settings[\/]*|\/$)/ig, "");
|
||||||
|
|
||||||
|
if (allowedSections.indexOf(section) < 0) {
|
||||||
|
return next();
|
||||||
|
}
|
||||||
|
|
||||||
res.render('settings', {
|
res.render('settings', {
|
||||||
bodyClass: 'settings',
|
bodyClass: 'settings',
|
||||||
adminNav: setSelected(adminNavbar, 'settings')
|
adminNav: setSelected(adminNavbar, 'settings')
|
||||||
|
|
Loading…
Reference in a new issue