github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-26 11:32:11 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Better error handling for invalid locale bundle versions

Browse Source
This commit is contained in:
Gerhard Schlager
2019-11-11 22:30:31 +01:00
parent 34665d3f96
commit 6ebffaaf6e
2 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
app/controllers/extra_locales_controller.rb
View File

@ -9,15 +9,20 @@ class ExtraLocalesController < ApplicationController
:verify_authenticity_token
OVERRIDES_BUNDLE ||= 'overrides'
MD5_HASH_LENGTH ||= 32
def show
bundle = params[:bundle]
raise Discourse::InvalidAccess.new if !valid_bundle?(bundle)
if params[:v]&.size == 32
hash = ExtraLocalesController.bundle_js_hash(bundle)
immutable_for(1.year) if hash == params[:v]
version = params[:v]
if version.present?
if version.kind_of?(String) && version.length == MD5_HASH_LENGTH
hash = ExtraLocalesController.bundle_js_hash(bundle)
immutable_for(1.year) if hash == version
else
raise Discourse::InvalidParameters.new(:v)
end
end
render plain: ExtraLocalesController.bundle_js(bundle), content_type: "application/javascript"