5dbe3b7b55
This commit adds limits to themes and theme components on the: - file size of about.json and .discourse-compatibility - file size of theme assets - number of files in a theme
# frozen_string_literal: true
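# Helper for reading the files of a theme from a per-import temporary folder.
#
# Every read goes through #real_path, which resolves symlinks and refuses any
# path that ends up outside @temp_folder, so a symlink or "../" segment shipped
# inside a theme cannot be used to read unrelated files on the host.
class ThemeStore::Importer
  # Chooses a unique folder name under the system temp directory. Only the
  # name is computed here; nothing is created on disk by this method.
  #
  # Dir.tmpdir is canonicalised with realpath first, so @temp_folder is already
  # symlink-free and can be compared against the canonical paths that
  # #real_path produces.
  #
  # NOTE(review): filename and original_filename are not used in this method;
  # presumably subclasses consume them - confirm against callers.
  def initialize(filename, original_filename)
    @temp_folder = "#{Pathname.new(Dir.tmpdir).realpath}/discourse_theme_#{SecureRandom.hex}"
  end

  # Lists every non-directory entry below @temp_folder.
  #
  # @return [Array<String>] paths relative to @temp_folder
  #
  # NOTE(review): the glob is called without File::FNM_DOTMATCH, so dot-files
  # are not returned. If this list backs a file-count limit, confirm that
  # leaving hidden files out is intended.
  def all_files
    Dir.glob("**/*", base: @temp_folder).reject { |f| File.directory?(File.join(@temp_folder, f)) }
  end

  # Reads a file by its path relative to @temp_folder.
  #
  # @param value [String] relative path inside the theme
  # @return [String, nil] file contents, or nil when the path is missing or
  #   resolves outside @temp_folder
  def [](value)
    fullpath = real_path(value)
    return nil unless fullpath

    File.read(fullpath)
  end

  # Size in bytes of a file given relative to @temp_folder.
  #
  # @param path [String] relative path inside the theme
  # @return [Integer] the size, or -1 when the path is missing or resolves
  #   outside @temp_folder
  def file_size(path)
    fullpath = real_path(path)
    return -1 unless fullpath

    File.size(fullpath)
  end

  # Resolves a theme-relative path to a canonical absolute path and confirms
  # that it is still contained in @temp_folder.
  #
  # @param relative [String] path relative to @temp_folder
  # @return [String, nil] the canonical path, or nil when the file does not
  #   exist or the resolved path is outside @temp_folder
  def real_path(relative)
    candidate = "#{@temp_folder}/#{relative}"
    return nil unless File.exist?(candidate)

    # careful to handle symlinks here, don't want to expose random data
    resolved = Pathname.new(candidate).realpath.to_s

    # Containment is checked on a path-component boundary. A bare
    # start_with?(@temp_folder) would also accept a sibling directory whose
    # name merely begins with the same characters, which is outside the
    # theme folder. The folder itself is still accepted, as before.
    inside = resolved == @temp_folder || resolved.start_with?("#{@temp_folder}/")
    inside ? resolved : nil
  end
end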