harden database interactions and improve error handling
This commit is contained in:
@@ -7,7 +7,7 @@ export default defineEventHandler(async (event) => {
|
||||
const pathStr = Array.isArray(pathParam) ? pathParam.join("/") : pathParam;
|
||||
|
||||
// prevent path traversal
|
||||
const baseDir = resolve(process.cwd(), "private/audio");
|
||||
const baseDir = resolve(process.cwd(), "data/audio");
|
||||
const filePath = normalize(resolve(baseDir, pathStr));
|
||||
|
||||
if (!filePath.startsWith(baseDir)) {
|
||||
|
||||
Reference in New Issue
Block a user