Alexander/homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(hikes): decode URL-encoded slugs in dev image middleware (fix ü/ä/ö 404s)

Browse Source
This commit is contained in:
Alexander Bocken
2026-05-19 08:45:14 +02:00
parent cfdd58fb18
commit d957c746d5
2 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
package.json
+1 -1
View File
@@ -1,6 +1,6 @@
{ {
"name": "homepage", "name": "homepage",
"version": "1.75.0", "version": "1.75.1",
"private": true, "private": true,
"type": "module", "type": "module",
"scripts": { "scripts": {
vite.config.ts
+11 -1
View File
@@ -27,7 +27,17 @@ function hikeImagesDevPlugin(): Plugin {
const url = req.url ?? ''; const url = req.url ?? '';
const m = url.match(/^\/hikes\/([^/]+)\/images\/([^/?#]+)(?:[?#].*)?$/); const m = url.match(/^\/hikes\/([^/]+)\/images\/([^/?#]+)(?:[?#].*)?$/);
if (!m) return next(); if (!m) return next();
const [, slug, file] = m; // Slug and filename ship URL-encoded (e.g. "ü" → "%C3%BC"),
// but the on-disk directory uses the raw UTF-8 character.
// Decode before joining, else everything under a slug with
// non-ASCII characters 404s in dev.
let slug: string, file: string;
try {
slug = decodeURIComponent(m[1]);
file = decodeURIComponent(m[2]);
} catch {
return next();
}
if (slug.includes('..') || file.includes('..')) return next(); if (slug.includes('..') || file.includes('..')) return next();
const filePath = path.join(ROOT, slug, 'images', file); const filePath = path.join(ROOT, slug, 'images', file);
try { try {