diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/serve.js | 48 |
1 files changed, 28 insertions, 20 deletions
diff --git a/lib/serve.js b/lib/serve.js index c858a1b..56b981b 100644 --- a/lib/serve.js +++ b/lib/serve.js @@ -1098,24 +1098,28 @@ Serve.prototype.highlight = function (dirs) { Serve.prototype.blob = function (id, path) { var self = this - var etag = id + (path || '') + var unbox = typeof this.query.unbox === 'string' && this.query.unbox.replace(/\s/g, '+') + var etag = id + (path || '') + (unbox || '') if (self.req.headers['if-none-match'] === etag) return self.respond(304) var key if (path) { - path = decodeURIComponent(path) + try { path = decodeURIComponent(path) } catch(e) {} if (path[0] === '#') { - try { - key = new Buffer(path.substr(1), 'base64') - } catch(err) { - return self.respond(400, err.message) - } - if (key.length !== 32) { - return self.respond(400, 'Bad blob key') - } + unbox = path.substr(1) } else { return self.respond(400, 'Bad blob request') } } + if (unbox) { + try { + key = new Buffer(unbox, 'base64') + } catch(err) { + return self.respond(400, err.message) + } + if (key.length !== 32) { + return self.respond(400, 'Bad blob key') + } + } self.app.wantSizeBlob(id, function (err, size) { if (err) { if (/^invalid/.test(err.message)) return self.respond(400, err.message) @@ -1148,23 +1152,27 @@ Serve.prototype.image = function (path) { var id, key var m = urlIdRegex.exec(path) if (m && m[2] === '&') id = m[1], path = m[3] - var etag = 'image-' + id + (path || '') + var unbox = typeof this.query.unbox === 'string' && this.query.unbox.replace(/\s/g, '+') + var etag = 'image-' + id + (path || '') + (unbox || '') if (self.req.headers['if-none-match'] === etag) return self.respond(304) if (path) { - path = decodeURIComponent(path) + try { path = decodeURIComponent(path) } catch(e) {} if (path[0] === '#') { - try { - key = new Buffer(path.substr(1), 'base64') - } catch(err) { - return self.respond(400, err.message) - } - if (key.length !== 32) { - return self.respond(400, 'Bad blob key') - } + unbox = path.substr(1) } else { return self.respond(400, 'Bad blob request') } } + if (unbox) { + try { + key = new Buffer(unbox, 'base64') + } catch(err) { + return self.respond(400, err.message) + } + if (key.length !== 32) { + return self.respond(400, 'Bad blob key') + } + } self.app.wantSizeBlob(id, function (err, size) { if (err) { if (/^invalid/.test(err.message)) return self.respond(400, err.message) |