diff options
Diffstat (limited to 'server/controllers')
-rw-r--r-- | server/controllers/api/config.ts | 5 | ||||
-rw-r--r-- | server/controllers/themes.ts | 10 |
2 files changed, 9 insertions, 6 deletions
diff --git a/server/controllers/api/config.ts b/server/controllers/api/config.ts index 088234074..81518bbb5 100644 --- a/server/controllers/api/config.ts +++ b/server/controllers/api/config.ts | |||
@@ -4,7 +4,7 @@ import { ServerConfig, UserRight } from '../../../shared' | |||
4 | import { About } from '../../../shared/models/server/about.model' | 4 | import { About } from '../../../shared/models/server/about.model' |
5 | import { CustomConfig } from '../../../shared/models/server/custom-config.model' | 5 | import { CustomConfig } from '../../../shared/models/server/custom-config.model' |
6 | import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../helpers/signup' | 6 | import { isSignupAllowed, isSignupAllowedForCurrentIP } from '../../helpers/signup' |
7 | import { CONSTRAINTS_FIELDS } from '../../initializers/constants' | 7 | import { CONSTRAINTS_FIELDS, DEFAULT_THEME_NAME } from '../../initializers/constants' |
8 | import { asyncMiddleware, authenticate, ensureUserHasRight } from '../../middlewares' | 8 | import { asyncMiddleware, authenticate, ensureUserHasRight } from '../../middlewares' |
9 | import { customConfigUpdateValidator } from '../../middlewares/validators/config' | 9 | import { customConfigUpdateValidator } from '../../middlewares/validators/config' |
10 | import { ClientHtml } from '../../lib/client-html' | 10 | import { ClientHtml } from '../../lib/client-html' |
@@ -69,10 +69,11 @@ async function getConfig (req: express.Request, res: express.Response) { | |||
69 | name: t.name, | 69 | name: t.name, |
70 | version: t.version, | 70 | version: t.version, |
71 | description: t.description, | 71 | description: t.description, |
72 | css: t.css, | ||
72 | clientScripts: t.clientScripts | 73 | clientScripts: t.clientScripts |
73 | })) | 74 | })) |
74 | 75 | ||
75 | const defaultTheme = getThemeOrDefault(CONFIG.THEME.DEFAULT) | 76 | const defaultTheme = getThemeOrDefault(CONFIG.THEME.DEFAULT, DEFAULT_THEME_NAME) |
76 | 77 | ||
77 | const json: ServerConfig = { | 78 | const json: ServerConfig = { |
78 | instance: { | 79 | instance: { |
diff --git a/server/controllers/themes.ts b/server/controllers/themes.ts index 20e7062d0..104c285ad 100644 --- a/server/controllers/themes.ts +++ b/server/controllers/themes.ts | |||
@@ -1,13 +1,11 @@ | |||
1 | import * as express from 'express' | 1 | import * as express from 'express' |
2 | import { PLUGIN_GLOBAL_CSS_PATH } from '../initializers/constants' | ||
3 | import { join } from 'path' | 2 | import { join } from 'path' |
4 | import { RegisteredPlugin } from '../lib/plugins/plugin-manager' | 3 | import { RegisteredPlugin } from '../lib/plugins/plugin-manager' |
5 | import { servePluginStaticDirectoryValidator } from '../middlewares/validators/plugins' | ||
6 | import { serveThemeCSSValidator } from '../middlewares/validators/themes' | 4 | import { serveThemeCSSValidator } from '../middlewares/validators/themes' |
7 | 5 | ||
8 | const themesRouter = express.Router() | 6 | const themesRouter = express.Router() |
9 | 7 | ||
10 | themesRouter.get('/:themeName/:themeVersion/css/:staticEndpoint', | 8 | themesRouter.get('/:themeName/:themeVersion/css/:staticEndpoint(*)', |
11 | serveThemeCSSValidator, | 9 | serveThemeCSSValidator, |
12 | serveThemeCSSDirectory | 10 | serveThemeCSSDirectory |
13 | ) | 11 | ) |
@@ -24,5 +22,9 @@ function serveThemeCSSDirectory (req: express.Request, res: express.Response) { | |||
24 | const plugin: RegisteredPlugin = res.locals.registeredPlugin | 22 | const plugin: RegisteredPlugin = res.locals.registeredPlugin |
25 | const staticEndpoint = req.params.staticEndpoint | 23 | const staticEndpoint = req.params.staticEndpoint |
26 | 24 | ||
27 | return express.static(join(plugin.path, staticEndpoint), { fallthrough: false }) | 25 | if (plugin.css.includes(staticEndpoint) === false) { |
26 | return res.sendStatus(404) | ||
27 | } | ||
28 | |||
29 | return res.sendFile(join(plugin.path, staticEndpoint)) | ||
28 | } | 30 | } |