ghost

mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-13 22:41:32 -05:00

History

jamesbloomer 9d114c7fa6 Lock down theme static directory to not serve templates, markdown and text files. closes #942 - insert custom middleware to check for blacklisted files - redirect to express.static if file accepted - if not valid return next() to do nothing - currently black listing .hbs, .txt, .md and .json - debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting a theme serve unknown types	2013-10-11 18:05:31 +01:00
..
functional	Adds slashes to urls	2013-09-17 02:39:55 +01:00
unit	Lock down theme static directory to not serve templates, markdown and text files.	2013-10-11 18:05:31 +01:00

jamesbloomer 9d114c7fa6 Lock down theme static directory to not serve templates, markdown and text files.

closes #942
- insert custom middleware to check for blacklisted files
- redirect to express.static if file accepted
- if not valid return next() to do nothing
- currently black listing .hbs, .txt, .md and .json
- debatable which is best, black list or white list, either one will probably need tweaks but erred on side of letting
a theme serve unknown types

2013-10-11 18:05:31 +01:00

functional

Adds slashes to urls

2013-09-17 02:39:55 +01:00

unit

Lock down theme static directory to not serve templates, markdown and text files.

2013-10-11 18:05:31 +01:00