diff --git a/assets/css/article.css b/assets/css/article.css
index cbec30d..480f412 100644
--- a/assets/css/article.css
+++ b/assets/css/article.css
@@ -13,6 +13,7 @@ article > header {
 article > header > i {
 color: var(--accent);
 display: block;
+ font-size: 1rem;
 }
 
 .toc-container {
diff --git a/libs/requestHandler.js b/libs/requestHandler.js
index 4cb0d58..853ee62 100644
--- a/libs/requestHandler.js
+++ b/libs/requestHandler.js
@@ -4,18 +4,25 @@ import { mdRenderer, njkRenderer } from './siteRenderer.js'
 
 // Handle all request and try to find a corresponding file/template.
 export function requestHandler(req, res, Config) {
+ // Add some sanitization:
+ const path = req.path
+ // Remove all '..' -- should prevent path traversal.
+ .replace(/\.\.+/g, "")
+ // Remove trailing slashes ('/').
+ .replace(/\/+$/g, "")
+
 // Check for njk files first
- if (fs.existsSync(`./${Config.contentDir}/pages/${req.path}.njk`))
- return res.send(njkRenderer(`./${Config.contentDir}/pages/${req.path}.njk`))
- if (fs.existsSync(`./${Config.contentDir}/pages/${req.path}/index.njk`))
- return res.send(njkRenderer(`./${Config.contentDir}/pages/${req.path}/index.njk`))
+ if (fs.existsSync(`./${Config.contentDir}/pages/${path}.njk`))
+ return res.send(njkRenderer(`./${Config.contentDir}/pages/${path}.njk`))
+ if (fs.existsSync(`./${Config.contentDir}/pages/${path}/index.njk`))
+ return res.send(njkRenderer(`./${Config.contentDir}/pages/${path}/index.njk`))
 
 // Secondly search for markdown
- if (fs.existsSync(`./${Config.contentDir}/pages/${req.path}.md`))
- return res.send(mdRenderer(`./${Config.contentDir}/pages/${req.path}.md`))
- if (fs.existsSync(`./${Config.contentDir}/pages/${req.path}/index.md`))
- return res.send(mdRenderer(`./${Config.contentDir}/pages/${req.path}/index.md`))
+ if (fs.existsSync(`./${Config.contentDir}/pages/${path}.md`))
+ return res.send(mdRenderer(`./${Config.contentDir}/pages/${path}.md`))
+ if (fs.existsSync(`./${Config.contentDir}/pages/${path}/index.md`))
+ return res.send(mdRenderer(`./${Config.contentDir}/pages/${path}/index.md`))
 
 // If no matching file is found, return a 404 error.
 return res.status(404).send(njkRenderer(`./${Config.contentDir}/errors/404.njk`))
-}
\ No newline at end of file
+}
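Review bot: The traversal guard at the top of `requestHandler` is a deny-list on the request string (`.replace(/\.\.+/g, "")`), not a check on the path that is actually opened. It silently rewrites a request instead of rejecting it, and it only holds while `req.path` is never decoded or normalised between this line and the `fs.existsSync` calls. I would resolve the candidate against the pages root, `const root = nodePath.resolve(Config.contentDir, "pages")`, and send the existing 404 response unless `nodePath.resolve(root, "." + req.path)` equals `root` or starts with `root + nodePath.sep`. Here `nodePath` stands for an import of `node:path`, which would have to be added above this hunk. The local name `path` would shadow that module under its usual import name, so `pagePath` is safer, with a comment such as `// Only pagePath may reach the filesystem lookups below; never req.path.`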